Stand by for More Nasty Web Attacks in 2002

[InfoSec News <isn () c4i org>]

http://www.reuters.com/news_article.jhtml?type=internetnews&StoryID=478221

By Elinor Mills Abreu 
December 26, 2001 

SAN FRANCISCO (Reuters) - If security experts are calling 2001 the
worst year for computer viruses, and December the worst month, how bad
will things get in 2002?

Experts are predicting that viruses and their cousins, the
self-propagating worms, will find new and even more nasty ways to
attack computer systems, possibly even hitting mobile devices, pocket
PCs and smart phones in the coming year.

Computer users should expect to see more viruses that try to dupe them
into taking action that will execute the malicious code, said Vincent
Weafer, senior director of Symantec Corp.'s security response center.

Virus writers have learned that it's easy to trick people into opening
attachments by telling recipients they are photos of Russian tennis
star Anna Kournikova or labeling them "naked wife."

Other virus ruses included misleading people into believing that by
clicking on an attachment they could participate in a survey about the
events in Afghanistan, or indicating that it was an antivirus software
update from an established vendor.

While such gimmicks were popular, the most damaging virus didn't
spread via e-mail. At an estimated $2.6 billion in damages and 300,000
computers infected, Code Red was the biggest virus this year. It
spread by exploiting a known vulnerability in servers running
Microsoft Corp.'s Internet Information Server Web software.


'BLENDED THREAT'

This year was the year of the "blended threat" virus, featuring
multiple attack modes such as Nimda, which spread via e-mails and
infected Web pages and servers. The more methods of attack, the faster
and farther a worm can spread, experts say.

"You've traditionally had hacker tools in one corner and virus writers
in another corner," said Weafer. "Now they've come together."

Vincent Gullotto, senior research director of Network Associates
Inc.'s antivirus response team, also warned of more attacks that lure
computer users to visit infected Web pages.

In such attacks, victims receive e-mails that include Web addresses
that, when visited, download malicious code to the computer.

"You don't have to double click on anything. There's no attachment,"  
Gullotto said.

Because devices like the Microsoft Corp. Pocket PC 2002 and Nokia
Communicator can be plugged into a desktop computer to download
information, they are susceptible to some of the same computer viruses
and worms that infect PCs, said Mikko Hypponen, manager of anti-virus
research for Finnish-based F-Secure Corp.

"The next wave of attacks are not going to come from the PC, but from
wireless viruses," George Samenuk, chief executive of Network
Associates, told Reuters in an interview recently.

"Less than 5 percent of wireless devices have anti-virus software,
while wireless networks are really taking hold," Samenuk said.


'SCRIPTS' AN EVEN GREATER CONCERN

Another Network Associates researcher said experts are even more
concerned with scripts, or malicious pieces of code, that are
transferred between mobile phones via the instant messaging system.

"There are things that can be done today in which you can send a
script and it can shut the phone off," said Vincent Gullotto.

But the mobile virus threat was played down by Sophos Anti-Virus
senior technical consultant, Graham Cluley.

"Is there a mobile threat? One year after the first warning we haven't
seen a single mobile device virus in the wild," he said.

Cluley added that Sophos has a team looking at mobile viruses, but for
2002 he advised that corporate clients spend their anti-virus budgets
in other areas with higher risks.

As of early December, corporations had spent an estimated $12.3
billion to clean up virus damage for the year, according to Computer
Economics, a Carlsbad, California, firm that analyzes the economic
impact of viruses and other computer security threats.

After Code Red, the second most-costly virus, at an estimated $1
billion, was an e-mail worm dubbed SirCam that exported random
documents from infected machines, putting the privacy of computer
users at risk.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.