The New Attack Pattern

By Larry Seltzer  |  Posted 2006-12-10

Opinion: Danger still lurks, but things have gotten a lot better for the average computer user.

I've written many columns arguing that things are getting better for the average user over time, and I still feel that way. It's not just that the tools to protect yourself against attacks are becoming more accessible and affordable. The pattern of attacks by the malicious code crowd has changed. Remember the widespread mass-mailer attacks of years ago? Those attacks are still out there and will be for a long time, but I doubt they're infecting many new systems these days. And the mass network worm attacks like Sasser and Blaster are still in the background, but the holes they used were patched long ago, and no new vulnerabilities have emerged for a long time to allow such attacks.

In the meantime, defenses have shored up, especially in business. Effective network-level protection is cheap compared to the risks of not using it. Even a simple NAT box blocks a huge percentage of threats.

The pattern we began to see emerging in 2006 was the narrow, targeted attack. The old style of mass bombardment appears to be a thing of the past. It's been over a year since we had a major Windows attack, Zotob if I remember correctly, and even that was not an all-timer. Even though it got a lot of ink, I still don't consider the WMF bug of a year ago to have been a major attack.

Zotob used the MS05-039 Plug-and-Play buffer overflow vulnerability to spread. There have been Windows vulnerabilities since then, but no widespread attacks based on them.

Instead, a new pattern has emerged: Shortly after the monthly patch day, new zero-day attacks are discovered. Not widespread attacks, but narrowly targeted attacks against specific enterprises. A blog entry from Microsoft's Security Response Center says that in the cases where they say that they're aware of "very limited, targeted attacks," they are talking about a few, perhaps as few as one or two.

Larry Seltzer has been writing software for and English about computers ever since, much to his own amazement, he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publications.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.
