
A Real Can of Worms
Vulnerable code, vicious viruses and virtuosic hackers are making the Internet a minefield for users, and experts say it’s only going to get worse

By William Kanapaux

How much do you trust your computer? How sure are you that, while you click your way through e-mails and Web pages, it’s communicating with the rest of the world the way you intend it to?

How do you know it’s not logging your keystrokes for some hacker in Kazakhstan to steal your passwords? That it’s not sending out spam or spreading a worm?

I’m not so sure I trust mine all that much. Despite a firewall, two anti-spyware programs, a pop-up blocker, automatic updates to my antivirus software and automatic downloads of Microsoft security patches, I can’t help but wonder whether somebody somewhere has wormed their way into my computer.

Internet worms pose a serious threat to networks and home users, and the nasty little creatures are becoming better at what they do. According to the latest Internet Security Threat Report from Symantec, malicious code that can expose confidential data increased dramatically over the second half of 2003.

Plus, newly discovered vulnerabilities in Microsoft Windows are becoming increasingly severe and easy to exploit, meaning that it takes little skill to gain unauthorized access to critical data in a network or computer.

Unlike computer viruses, worms are self-propagating. They don’t require the activation of a host file on the infected PC in order to spread. They often exist in resident memory rather than on a hard drive, making them difficult to detect and remove. They frequently hide in Word or Excel documents as macro commands.

Because worms can spread rapidly, they often clog servers and pipelines, and the biggest of them can slow Internet traffic to a crawl and crash network servers. They also can deliver virus payloads, planting a host file on the targeted computer before e-mailing themselves across the Internet.

In the second half of 2003, threats to privacy and confidentiality grew by a whopping 519 percent, and the number of mass-mailer worms, with their own e-mail engine, increased 61 percent. Those cute little mass-mailer worms are the ones that either send out fake e-mails from someone, or take the actual text of an existing message from someone and use it as the body of an e-mail with an attached virus, which is then sent to everyone in the target’s address book. Using their own built-in mailer lets these worms evade detection by never interacting with the user’s e-mail program.

Last August, the Internet endured three Category 4 worms (“severe”—the second highest threat level) in 12 days. Blaster, Welchia and Sobig.F infected millions of computers around the globe and may have caused as much as $2 billion in damage.

According to Clive Thompson in “The E-Infectors,” a story about underground virus writers in the Feb. 8 issue of The New York Times Magazine, copies of Sobig.F accounted for one of every 17 e-mail messages sent across the Internet at the height of the attack. And copies of Mydoom.A, which hit in January of this year, accounted for one of every five e-mails.

Hackers like to refine and retool their handiwork, and Sobig alarmed virus researchers by its methodical development over six releases, Thompson reported. Each new variant was programmed to permanently shut down after several days or weeks in what appeared to be a series of controlled experiments. Sobig.F, the latest version thus far, installed a back door on victims’ computers that would allow the programmer to gain control of them in the future, perhaps for sending spam or stealing financial information. Experts believe that a new version of Sobig will be released this year.

And worm writers continue to be more enterprising, giving online security experts a real headache.

Just two weeks ago, two new worms surfaced with surprising twists. The first was a new version of the Bagle worm (aka Beagle) that is activated as soon as a user views an e-mail.

There’s no need to open an attachment. Once the e-mail is visible in an Outlook preview frame—which comes up automatically for most Windows users—the worm gets busy. Hidden HTML code takes advantage of a flaw in Internet Explorer that allows for the automatic download of a file from a remote Web site. It can disable certain anti-virus programs and firewalls (though not the most popular ones) and also seeks out shared folder files for spreading itself through file-sharing programs.

Currently, the worm simply downloads a version of itself onto the user’s computer, but that’s subject to change as hackers work on newer versions of it.

Only two days later, the Witty worm struck with a destructive payload, a rarity for worms. It was the first worm ever to enter computers and network systems through vulnerabilities in a firewall—BlackICE and RealSecure in this case. And it signalled the fastest turnaround time ever between the disclosure of a program vulnerability and the appearance of a worm to exploit it, taking only two days.

The worm infected about 30,000 computers. Once it found a victim, it would generate 20,000 random IP addresses in an attempt to propagate itself and then would overwrite 64K of hard drive with random data. The process then repeated itself, again and again, methodically destroying the hard drives of infected computers as it continued to spread.

Most worms and viruses are predictably aimed at Windows and its Win32 software platform. And most new worms take advantage of “back doors” opened by previous worms, allowing a certain type of evolution to occur.

Security experts see a number of troubling possibilities for future attacks. One is the presence of stealth worms, which spread at a slower rate by hiding within normal Internet traffic. The goal is to gain access to computers and systems in order to unobtrusively harvest data. By not drawing attention to themselves, they stand less chance of being identified.

Another is the potential emergence of “zero-day” blended threats. These threats combine the characteristics of viruses, worms and Trojan horses (malicious programs that masquerade as something benign) with coding designed to exploit unknown vulnerabilities. A zero-day outbreak would occur when malicious code is released before a vulnerability is known, and days before security patches become available.

Chances are good that some of these worms will wreak major havoc before it’s all said and done. It’s almost enough to make you want to give up on the Internet, if such a thing were possible.

Instead, it might be a good time to switch to a Mac, or to Linux as your operating system, or at least to get away from Microsoft Outlook and Internet Explorer by switching to a program such as Mozilla or Opera.

You might be glad you did.

Copyright © 2002 Lou Communications, Inc., 4 Central Ave., Albany, NY 12210. All rights reserved.