Service Model to Combat New, Uglier Threats in 04
The attackers are getting smarter and more sophisticated, but users aren't making the same kind of progress. Expect new blended threats, impotent laws, and better products and services to protect yourself with. In 2004, smart users will cruise and suckersIts hard to say that 2003 has been a good year for security, but conscientious IT staff can feel good about their odds in the battle for security. You can protect yourself. But the arms race with attackers is getting nasty, and 2004 will be harder. Theres no doubt in my mind that the biggest problem with computers these days is spam. Its a problem that everyone has to deal with, even if its managed to the point where its just an annoyance. Dont expect the problem to be solved; expect the spam problem and the e-mail worm problem to converge. Weve begun to see this happening in phishing worms like MIMAIL that contain special, disguised worm applications. MIMAIL, Sobig and the other major worms of 2003 indicate a growing level of sophistication among the top attack writers. The other major trend that will continue to manifest in 2004, and which parallels the evolution of legitimate software development, is increased ease-of-use of attack development tools.
From the standpoint of the vermin who write these things, MIMAIL is clearly an improved, next-generation worm. Why write a worm that just attacks and spreads? Why not write one that also creates the possibility of collecting personal information to sell? From the distribution standpoint, unlike older phishing attacks that just send you to a fake company site, MIMAIL redistributes itself.