IT Losing Ground in Virus Battle

 
 
By Dennis Fisher  |  Posted 2004-02-02


After years of success deploying more effective and smarter defenses, anti-virus researchers contacted last week in the wake of the MyDoom outbreak acknowledged for one of the first times that the battle may be getting away from them. The MyDoom virus, which hit Jan. 26 and infected several hundred thousand machines, is the fastest-spreading virus in the history of the Internet, experts said. At its peak late last week, MyDoom had infected one in every 12 pieces of e-mail, according to MessageLabs Inc., a New York-based e-mail security company. MyDoom also is the latest in a line of recent viruses that, while not particularly innovative, have been maddeningly effective.


Anti-virus software is an inherently reactive technology, leaving users as the first line of defense against new viruses. But despite endless admonishments to refrain from opening e-mail attachments, whether from home or work, many users continue to be fooled. In fact, whereas most viruses start from home PCs, MyDoom began from inside a corporate network.

"There are a lot of Fortune 100 companies infected," said David Perry, global director of education at Trend Micro Inc., in Cupertino, Calif. "There's nothing entertaining about this."

Social engineering tactics, such as MyDoom's disguising itself as a returned or rejected e-mail message, make it harder for users to distinguish legitimate messages from infected ones.

"[The virus writer] obfuscated the message to the point where it was alluring. The innovation coming out of these guys is slim," said Ian Hameroff, eTrust security strategist at Computer Associates International Inc., in Islandia, N.Y.

Virus writers are now loading their creations with extras such as back doors, mail proxies for relaying spam and keystroke loggers for stealing passwords. As a result, they're guaranteed that the viruses will continue to do damage after they've been removed from a computer.

By the end of last week, Symantec Corp. sensors were seeing as many as 2,000 unique machines scanning for PCs listening on port 3217, which is used by the back door MyDoom installs.
