Computerworld - An evil array of computer viruses, worms and Trojan horses will in coming years propagate to your cell phone, invade your personal digital assistant (PDA), open back doors into your PC and more, experts are forecasting.
Predicting what form rogue software will take is difficult, they say, but current trends offer clues. "They are coming faster," says Peter Tippett, chief technology officer at TruSecure Corp. in Herndon, Va. "When we had Friday the 13th and Form, it took a virus two to three years to go from birth to being No. 1 [in reported attacks]. Then, when the macro virus Concept came along, it took two to three months. Last year, Nimda took 22 minutes to go to No. 1."
Although the number of new viruses introduced each year is declining, "malware" is getting far more destructive. It increasingly spreads by multiple vectors, Tippett says, such as the Nimda worm, which propagated in five ways. And more viruses are being aimed at Internet servers, with desktop invasion a secondary effect.
"When you have 400,000 servers on the Internet all contributing to the spreading of an infection, you get an incredibly rapid growth," he says.
And the rogue software not only can spread in multiple ways, but it also can launch multiple attacks. "With the worm Nimda, there were multiple payloads—not just data destruction but also creating vulnerabilities and exploiting them," says Vincent Weafer, senior director of security response at Symantec Corp. in Cupertino, Calif.
Credit: Josef Gast
Indeed, two previously distinct groups—virus writers and hackers—are joining forces to cause double trouble. "Now we are seeing attack tools used by both sides," Weafer says. "What if I take a buffer overflow exploit and put that on the back of a worm that goes looking for vulnerable systems?"
Perhaps the biggest boost to malware distribution will come as devices become more programmable and connected. "I am particularly worried about the merging of mobile phones and PDAs," says Fridrik Skulason, a virus researcher at Frisk Software International in Reykjavik, Iceland. "Sooner or later, someone will release something with the intent of screwing up mobile phone communication worldwide."
Adds Skulason, "I am also concerned about 'slow' damage—viruses that fiddle with data, changing a single number in a spreadsheet or changing a word or two, like changing 'probably' to 'probably not'—in a document. In those cases, even a good set of backups may not help, because the data corruption might have gone on for a long time."
Graham Cluley, a senior technical consultant at Sophos Anti-Virus PLC in Oxford, England, predicts a rise in the use of "backdoor Trojan horses" sent surreptitiously by e-mail. "You run the program and that opens a door, which people on the outside can use to steal your passwords, destroy files and so on," he says. "With the increased adoption of always-on connections, more and more home and office users will get hit by them."
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
