Establishing Digital Trust: Don't Sacrifice Security for Convenience
Just as the industry was reeling yesterday from the weekend release of a new Netsky variant and five new Bagle variants, another two Bagle variants and one more Netsky variant have hit the Internet. The variants are coming so fast that at least one anti-virus vendor has warned its users to update their software every hour.
''It's like a tsunami wave, with all the variants crashing down at once,'' says Ken Dunham, director of malicious code at iDefense, Inc., a security intelligence company based in Reston, Va. ''We're getting wave after wave of attacks and they're significant attacks... It's a constant deluge. It's annoying and it's frustrating and people are getting tired of it.''
Anti-virus company Panda Software is calling the attacks an 'epidemic'. Netsky-D alone has caused $58.5 million in damages worldwide, according to mi2g, a London-based security assessment company. And as that variant continues to wreak havoc across the Internet, Netsky-E has been discovered. The latest variant spreads via email and network shares, but so far is not causing as much trouble as its predecessors.
''Whoever is behind the Netsky worms is hell bent on causing as much chaos as possible,'' says Graham Cluley, senior technology consultant for Sophos, Inc., a Lynnfield, Mass.-based anti-virus and anti-spam company. ''They have deliberately released new versions of their virus, tweaked to try and avoid detection by anti-virus software. Computer users should heed the warning and be wary of any unsolicited email attachment.''
The Bagle family ushered in Bagle-H and Bagle-I yesterday. Bagle-H, which Sophos upgraded from a low to a medium threat, is an email worm that carries a password-protected Zip file, which evades anti-virus scanning. When the attachment is opened, the worm opens a backdoor on Port 2745 and waits for commands from the virus author. Bagle-I follows the same pattern but has been tweaked to avoid detection by anti-virus software programmed to stop Bagle-H.
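A password-protected archive defeats signature scanning because the gateway cannot read the payload, so the defensive counterpart to the Bagle-H trick is a mail-gateway policy that quarantines any attachment it cannot inspect. The following is an added example, not code from the article or from any vendor quoted in it: it reads the ZIP central directory directly to pick up the encryption flag bit on each member, quarantines archives with encrypted or executable members, and builds its own constructed sample archives (the standard library cannot write password-protected ZIPs, so the encryption flag is set by hand). The executable-suffix list and the verdict format are assumptions for illustration.

```python
import io
import struct
import zipfile

# ZIP general-purpose bit flag, bit 0: member is encrypted (PKWARE 'traditional'
# password protection). A scanner cannot inspect the payload without the key.
FLAG_ENCRYPTED = 0x0001
CENTRAL_DIR_SIG = b"PK\x01\x02"
END_OF_CD_SIG = b"PK\x05\x06"
# Assumed policy list of suffixes treated as executable content.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")


def list_members(data: bytes):
    """Walk the central directory and return [(name, flags), ...] per member.

    Reads the headers directly rather than through zipfile so that an archive
    we cannot open (encrypted, or deliberately malformed) still yields its
    flag bits for the policy decision.
    """
    eocd = data.rfind(END_OF_CD_SIG)
    if eocd < 0:
        raise ValueError("not a ZIP archive: end-of-central-directory record missing")
    # EOCD layout: sig(4) disk(2) cd_disk(2) entries(2) total(2) cd_size(4) cd_offset(4)
    cd_size, cd_offset = struct.unpack_from("<II", data, eocd + 12)
    members = []
    pos = cd_offset
    while pos < cd_offset + cd_size:
        if data[pos:pos + 4] != CENTRAL_DIR_SIG:
            raise ValueError("corrupt central directory at offset %d" % pos)
        flags, = struct.unpack_from("<H", data, pos + 8)          # general-purpose bit flag
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        name = data[pos + 46:pos + 46 + name_len].decode("cp437", "replace")
        members.append((name, flags))
        pos += 46 + name_len + extra_len + comment_len
    return members


def assess_attachment(data: bytes) -> dict:
    """Gateway policy: quarantine anything the scanner cannot inspect or that
    carries an executable member; otherwise deliver."""
    members = list_members(data)
    encrypted = [n for n, f in members if f & FLAG_ENCRYPTED]
    if encrypted:
        return {"verdict": "quarantine",
                "reason": "encrypted members cannot be scanned: " + ", ".join(encrypted)}
    executables = [n for n, _ in members if n.lower().endswith(EXECUTABLE_SUFFIXES)]
    if executables:
        return {"verdict": "quarantine",
                "reason": "executable content: " + ", ".join(executables)}
    return {"verdict": "deliver", "reason": "no encrypted or executable members"}


def build_sample(member_name: str, encrypted: bool) -> bytes:
    """Constructed test archive (not a real worm sample).

    The standard library cannot write password-protected ZIPs, so the
    encryption bit is set by hand in the local header (flags at offset 6)
    and the central directory entry (flags at offset 8); that is the bit a
    gateway scanner sees on a genuinely protected archive.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(member_name, b"constructed placeholder payload")
    data = bytearray(buf.getvalue())
    if encrypted:
        data[6] |= FLAG_ENCRYPTED
        cd = data.find(CENTRAL_DIR_SIG)
        data[cd + 8] |= FLAG_ENCRYPTED
    return bytes(data)


if __name__ == "__main__":
    for name, enc in (("report.txt", True), ("document.exe", False), ("report.txt", False)):
        label = "encrypted" if enc else "plain"
        print(name, label, "->", assess_attachment(build_sample(name, enc)))
```

The policy deliberately decides on the flag bit rather than on whether `zipfile` can extract the member: an archive the scanner cannot open is the case that matters, and a verdict of "deliver" should only ever be reached after every member has been inspected.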
''As soon as detection for a new variant is added to anti-virus software, literally, within a couple of hours we'll see the slightest modification done to a new variant to avoid detection,'' says Steve Sundermeier, a vice president at Central Command, Inc., an anti-virus company based in Medina, Ohio. ''It's very apparent to me that there's a cat and mouse game going on. With this kind of timing, this has to be a deliberate attack trying to strain anti-virus companies.''
But while anti-virus companies are struggling to keep up with the deluge of attacks, corporate IT managers are faced with the same problem. They're fighting to keep anti-virus software updated, to keep users from panicking and to keep software patched.
''That strains us but IT managers have to be on their toes at all times, as well,'' says Sundermeier, who adds that Central Command has told its large customers to update their anti-virus software every hour, as opposed to once a day or every four to six hours. ''This is a definite strain on the IT field. When you have variants C, D, E, F, G, H, I within a matter of 72 hours, that's crazy.''
Dunham of iDefense says he's concerned that it's simply not feasible for some IT managers to have the time and capacity to update their anti-virus software that frequently.
''My question is, how reasonable is that?'' asks Dunham. ''IT managers are having to change the way they operate. It's all about how rapidly they can respond to wave after wave of attack. They're on the line to be in the know about what's going on as it's happening. If they don't have up-to-date information, they're hanging in the wind.''