New Attackers

By Robert Clyde  |  Posted 2003-04-08

In the future, there will be a greater dependence on the Internet than ever before, and not just for e-commerce, but also for control of critical infrastructure (power generation, communications, transportation, etc.). While this will bring great efficiency, it also means that the downside of a severe attack on the Internet will be greater than ever.

Until now, "amateurs" - young people with no particular motivation or target in mind - have undertaken most of the highest-profile attacks on the Internet. However, I expect that over the coming year and beyond, we will see a rise in more professional types of attackers, targeting specific crucial online systems. This will potentially endanger not only the Internet, but also our national security, and ultimately our entire way of life.

New Threats
In July 2001, Code Red spread to 250,000 systems within six hours, and the worldwide economic impact of the worm was estimated to be $2.62 billion. Code Red's spread was fast enough to foil immediate human intervention, and the ramifications were huge. And just think, the Slammer SQL worm a couple of months ago was even faster.

As attacks grow more professional in nature, I suspect we'll see an even greater increase in the speed and destructive capabilities of threats. For instance, we may see threats emerge that use advanced scanning techniques to infect all vulnerable servers on the Internet in a matter of minutes or even seconds.

Examples of this include Nick Weaver's Warhol worm scenario or Silicon Defense's Flash worm theory:

  • Warhol Worms: Through advanced scanning, Warhol worms would first start an infection using a list of about 50,000 sites, and then use coordinated scanning techniques to infect the rest of the Internet. In theory, these worms could spread across the Internet and infect all vulnerable servers in less than 15 minutes of "fame". The recent Slammer SQL worm showed the first potential glimpses of a Warhol-type threat with its infection rate doubling every 8.5 seconds in the initial stages.
  • Flash Worms: Flash worms would operate similarly to Warhol worms, but in this case a determined attacker would begin the infection using a list of not 50,000, but all or almost all the servers open to the Internet. Rather than 15 minutes, such an attack could infect all vulnerable Internet servers in less than 30 seconds.
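
To show what these timescales mean for a response team, the following added example (not part of the original article) applies a simple logistic epidemic model to the article's 8.5-second doubling figure. The vulnerable population size, the initial infection counts, the 60-second reaction time and all function names are assumptions chosen for illustration.

```python
import math

DOUBLING_S = 8.5        # from the article: Slammer's early-stage doubling time
N_VULNERABLE = 100_000  # constructed assumption, not a figure from the article


def growth_rate(doubling_time_s):
    """Per-second rate r at which early infections double every doubling_time_s."""
    return math.log(2) / doubling_time_s


def infected_at(t_s, n_vulnerable, seeds, doubling_time_s):
    """Logistic (susceptible-infected) model: infected hosts after t_s seconds.

    Assumes the early doubling rate holds until the vulnerable population is
    exhausted; bandwidth limits in a real outbreak would slow the late phase.
    """
    ratio = (n_vulnerable - seeds) / seeds
    decay = math.exp(-growth_rate(doubling_time_s) * t_s)
    return n_vulnerable / (1 + ratio * decay)


def time_to_fraction(fraction, n_vulnerable, seeds, doubling_time_s):
    """Seconds until `fraction` of the vulnerable population is infected."""
    if not 0 < fraction < 1:
        raise ValueError("fraction must be strictly between 0 and 1")
    if seeds / n_vulnerable >= fraction:
        return 0.0  # already past the threshold at release
    odds = fraction / (1 - fraction)
    ratio = (n_vulnerable - seeds) / seeds
    return math.log(odds * ratio) / growth_rate(doubling_time_s)


def response_table(seed_counts=(1, 100, 10_000), reaction_s=60):
    """For each initial infection count (constructed values), return
    (seeds, seconds to 95% infected, hosts infected when responders react)."""
    rows = []
    for seeds in seed_counts:
        t95 = time_to_fraction(0.95, N_VULNERABLE, seeds, DOUBLING_S)
        hit = infected_at(reaction_s, N_VULNERABLE, seeds, DOUBLING_S)
        rows.append((seeds, round(t95, 1), round(hit)))
    return rows


if __name__ == "__main__":
    for seeds, t95, hit in response_table():
        print(f"seeds={seeds:>6}  95% infected after {t95:>6}s  "
              f"infected at 60s: {hit}")
```

Under these assumptions, every tenfold increase in the initial infection count removes about 28 seconds from the time to saturation, which is why a pre-built target list shrinks the window for human intervention so sharply.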
It is very likely that we will continue to see polymorphic and metamorphic worms, but on a much more complex level. These worms will use stronger techniques for encrypting themselves, and because they change their pattern every time they run, it could take days or even weeks for researchers to analyze and create cures.

We will also see an increasing number of threats specifically targeted at disabling security software. An example would be retro viruses that attack antivirus software by deleting virus definition tables or memory resident scanners.

