Security threats Toolkit

Forget Bagle, the real threat is home users

Tags:
Home Users,
Trusecure,
Viruses,
Worm

Munir Kotadia ZDNet.co.uk

Published: 23 Jan 2004 16:20 GMT

The recent Bagle worm outbreak was over-hyped and did not cause corporate administrators many problems, but as malware authors develop new tricks to launch an attack, the stage is set for a "crippling event", according to IT risk management company TruSecure.

Jay Heiser, chief analyst at TruSecure, acknowledged that the recent Bagle outbreak did cause some damage, but said it was not a "crippling event" and did not have a significant effect on enterprise IT departments. However, it did demonstrate that malware authors are continuing to develop their skills: "The capabilities of malware continue to increase in ways that are very unappealing to home and corporate users alike. Virus writers are not content to just create something that spreads and causes destruction. They are using the innate capability of computers to do interesting things, which is a very worrying trend," he said.

Heiser explains that the current trend is what he calls "parasitic malware", which conquers vulnerable systems in order to launch an attack against a third party. "Parasitic malware not only has the capability of stealing email addresses, but also stealing the online identity, processing power and network connectivity of its victim," he said.

This move by virus writers has resulted in corporate IT systems becoming increasingly dependent on home users keeping their computers patched and virus-free.

Corporate spam and antivirus company Sophos last month estimated that one-third of all spam circulating the Web is relayed through PCs that have been compromised by Remote Access Trojans (RATs). Graham Cluley, a senior technology consultant for Sophos, said that the increasing use of broadband Internet connections and a general lack of security awareness have resulted in around one in three spam emails being redirected through the computers of unsuspecting users. "There are lots of people on cable modems and broadband connections that haven't properly secured their computer. They don't know it, but their PC is being used as a relay for sending spam to thousands and thousands of other people," he said.

As well as sending spam, compromised PCs can be used to launch denial of service attacks or even as platforms for anonymously delivering new malware to unsuspecting Internet users.

TruSecure calculated that the average time period between serious security attacks last year, such as MSBlast and SQL Slammer, was 71 days; the last time a piece of malware caused serious damage was the Sobig.F virus, which hit more than 150 days ago. Although worms are not released according to an organised schedule, TruSecure warns users to be prepared for a major outbreak in the near future.