Security Web Digest: More Malicious Code, Profile of a Virus Writer, Securing Networks, ... and More

Are viruses more durable? ... New worm offers Iraqi spy photos... Forgotten passwords ... and more from around the web.


The growth of malicious code slowed between July 2001 and the end of last year, but new viruses pose a more constant threat and last longer than in previous years, according to the Virus Prevalence Survey, conducted by ICSA Labs, an independent division of TruSecure. The prevalence of mass-mailing viruses and Internet worms accounts for the increase in durability. Those virus types are harder to remove, even after virus definitions are available.

A new e-mail worm is spreading by capitalizing on interest in the war with Iraq and related issues, British antivirus vendor Sophos warned. Some e-mails containing the W32/Ganda-A worm contain subject lines and content designed to entice the user with the promise of Iraqi spy photos, screensavers expressing patriotic U.S. sentiments or critical of the Bush administration, and warnings about Nazi propaganda being spread via CD-ROM to children or over the Internet. The worm spreads by sending itself to e-mail addresses collected from EML, HTM*, DBX, and WAB files on an infected computer. It creates two copies of itself in the Windows folder and it changes the Windows registry so that it loads automatically every time the computer is started.

The author of this worm and other viruses is likely to be a 14- to 34-year-old male who is more obsessed with computers than courtship. That is the profile of the average computer-virus writer, anti-virus vendor Sophos said on Tuesday. "They have a chronic lack of girlfriends, are usually socially inadequate and are drawn compulsively to write self-replicating codes. It's a form of digital graffiti to them," said Jan Hruska, the chief executive of Sophos. Hruska said the number of viruses created would continue to climb in the coming years.


Rocksteady Networks on Wednesday announced the general availability of its RocksteadyNSA Network Sharing Application, which allows organizations to securely share their wired and wireless networks. With the new application, companies can extend user-specific access to their wired or wireless networks to employees, partners, consultants and customers without sacrificing security, performance or usability, the company said in a statement. "With RocksteadyNSA, users are assigned passports when they enter the network. These passports determine which areas of the network they can visit -- ensuring that they don't venture to areas where they don't belong," said Kerry Grimes, Rocksteady president and CEO.

Forgetting a password comes with a cost. Forrester Research estimates that password problems account for 40 percent to 80 percent of all calls to company IT departments. The estimated annual cost for password administration per user is between $340 and $800. In large companies, employees may need passwords for five to 15 computer applications -- not including personal accounts.