The Coming Virus Armageddon

Discussion in 'other security issues & news' started by Technodrome, Sep 16, 2002.

Thread Status:
Not open for further replies.
  1. Technodrome

    Technodrome Security Expert

    Feb 13, 2002
    New York
    Computer virus writers are known for building on each other's work to create ever-deadlier malware. In the future, a truly malicious code might not create an immediate uproar by hitting the Internet with a big bang. Instead, it could slowly and quietly seize control of a vast number of computers, doing significant but not immediately apparent damage to data.

    How conceivable is the supervirus threat? "We never say never in this business," (Nasdaq: MCAF) virus research manager April Goostree told NewsFactor. "We've never really seen it, but we've seen some things that are pretty darn close. I really don't see why it couldn't be done."

    But Trend Micro (Nasdaq: TMIC) global director of education David Perry disagreed, telling NewsFactor that given the nature of viruses today, it is unlikely that one could cripple the Web. "I really don't believe in the concept of there being an ultimate computer virus," he said. "There are rumors about there being a metavirus or megavirus, but it's fiction."

    All About (Social) Engineering

    Regardless of probability, Goostree and Perry agreed that the key trait of a virus with the ability to knock out the Internet has nothing to do with technology. Rather, the ultimate virus would hinge on social engineering -- antivirus jargon for the tricks virus writers use to fool people into infecting themselves and others.

    While most viruses use a mass-mailer to spread infection via e-mail, Goostree said it is even more effective to spread viruses surreptitiously, via a slow dissemination that draws little attention as it infects and inflicts damage.

    Perry agreed, saying, "The worst viruses are the viruses that don't make any noise at all."

    Do Fear Change

    In addition to being stealthy, experts said, the ultimate computer virus would be polymorphic -- able to change its code, message and form to avoid detection. For the most part, antivirus software vendors detect and identify malicious code by using virus definitions, or virus fingerprints, that are unique to a specific virus.

    One polymorphic virus in the wild is Hybris, which climbed the charts this year as it spread. "It changes so that antivirus products that could have caught it in x form won't pick it up anymore," Goostree said.

    Sitting Ducks

    Recently, malware also has begun to grow more deadly by targeting computer defenses, as the Yaha worm does. For example, malicious code might disable antivirus and firewall software.

    Such interference, coupled with installation of a Trojan program that would enable an attacker to control a machine remotely, could leave users "dead in the water," Goostree said. "You'd have no antivirus, no connection and no communication method to try and get help. It would effectively really cripple our communication system."

    Data Destruction Dilemma

    While most damage done by viruses today comes in the form of computer downtime and lost productivity, the ultimate computer virus of the future probably would destroy or overwrite files, according to Goostree.

    However, execution of a lethal payload would be an impediment if a virus writer wanted to infect a large number of users, because data destruction would alert users to the virus' presence. "People would figure it out and fix it immediately," she added.

    Beyond the Net

    Although Trend Micro's Perry discounted the threat of a supervirus that could bring the Internet to its knees, he said emerging communications platforms -- including wireless and peer-to-peer networks -- are likely to come under fire from virus writers.

    "I would stop thinking in terms of the Internet model we use to access computers today," Perry said. "As we proliferate more and more and more -- streaming media, video, new media, cell phones, PDAs and other internetworked devices, including the automobile -- all of those things are going to be eligible for viruses."

    However, fear of viruses often does more damage than actual viruses, Perry noted, adding that if data is treated like property -- such as a home or automobile -- it will remain safe. "The proper technology and proper user education will lead us to a world where data is more secure," he said.


  2. jvmorris

    jvmorris Registered Member

    Feb 9, 2002
    Interesting read. Thank you. This is one part of the reason that I find NIS File Check so interesting and have it scheduled to run daily.

    This makes it a lot easier to find a new executable (or a modified existing executable) before all hell breaks loose. Unfortunately, NIS File Check is not omnipotent in this regard. It's quite possible that something could get loaded and run creating irretrievable damage before I would find it. Still, NFC provides a certain modicum of protection against 'sleeper' apps -- if one bothers to look at the results.
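Added example, not part of the post above and not how NIS File Check itself works: a minimal baseline-and-compare check of the kind the reply describes, reporting new, modified and removed executables between scheduled runs. The extension list, the script name `filecheck.py` and the `accept` argument are assumptions made for this sketch.

```python
import hashlib, json, os, sys

# Assumption: extensions treated as "executable" for this sketch.
WATCHED = {".exe", ".dll", ".com", ".scr", ".sys"}

def snapshot(root, exts=WATCHED):
    """Return {relative path: SHA-256 hex} for watched files under root."""
    seen = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() not in exts:
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            digest = hashlib.sha256()
            try:
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        digest.update(chunk)
                seen[rel] = digest.hexdigest()
            except OSError:
                seen[rel] = "UNREADABLE"  # locked or denied files still show up
    return seen

def compare(baseline, current):
    """Classify differences between two snapshots."""
    both = set(baseline) & set(current)
    return {
        "new": sorted(set(current) - set(baseline)),
        "modified": sorted(p for p in both if baseline[p] != current[p]),
        "removed": sorted(set(baseline) - set(current)),
    }

if __name__ == "__main__":
    # usage: filecheck.py ROOT BASELINE.json [accept]
    root, baseline_path = sys.argv[1], sys.argv[2]
    current = snapshot(root)
    had_baseline = os.path.exists(baseline_path)
    if had_baseline:
        with open(baseline_path) as fh:
            report = compare(json.load(fh), current)
        for kind, paths in report.items():
            for p in paths:
                print(f"{kind}\t{p}")
    # The baseline only moves when the operator says so, so an
    # unreviewed change keeps being reported on every daily run.
    if "accept" in sys.argv[3:] or not had_baseline:
        with open(baseline_path, "w") as fh:
            json.dump(current, fh, indent=1)
```

A check like this only reports what changed between runs; anything that executes and does its damage before the next run is outside what it can catch, and the stored baseline needs the same protection as the files it describes.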