Computerworld - The economic impact of Internet worm attacks is staggering, with analysts reporting that the Bagle, Netsky and Mydoom worms combined caused several billion dollars in damage from lost productivity, business disruption, bandwidth consumption and manpower costs. While there were many worms in the past 18 months, there were only a few devastating ones, giving companies a somewhat false sense of comfort.
Now imagine a world where worm attacks frequently occur because hackers and rogue developers have access to "worm kits" or development tools that provide the basic building blocks for rapid worm development.
Historically, worms were basic clones of one another that didn't change after their original development. Simple mechanisms were used to propagate them, such as mass-mailing worms using a single subject line.
Today's worms are more sophisticated. They have the ability to mutate after development based on knowledge of how to thwart new security processes. For instance, an early worm, Code Red, attacked only Internet Information Server servers. The Nimda worm, which came later, expanded to include at least three additional attack methodologies: mail-based attacks, file-sharing-based attacks, and attacks against the Internet Explorer Web browser.
Worms become easier to create
The potential for this worm-a-day nightmare comes from several factors: the dozens of vulnerabilities that are ready to be exploited, the availability of worm source code, recycled exploits and the ease of editing existing worms.
Before a worm can be developed, a network vulnerability has to be identified. Recent research from Arbor Networks on the transition from vulnerability disclosure to worm release shows that there are dozens of vulnerabilities ready to be used as the propagation vector in Internet worms. However, only a handful are developed into worms every year, resulting in a large number of untapped vulnerabilities that attackers could use to spread their worms in the future.
All these vulnerabilities might not be a big deal if worms weren't getting so much easier to build. With available source code, worm authors can expand on these tools or recycle methods seen in successful worms. These code bases provide an excellent starting point for an aspiring worm author and drastically reduce development time.
Examples of techniques and resources hackers are using to expedite worm development include the following:
- Agobot source code is available on the Internet. Mydoom had its source code distributed by a follow-up worm, and the Bagle and Netsky worms shared source code.
- Opening a command shell on a network port and other widespread vulnerabilities can be used to download the executable file during propagation.
- Re-releasing worms is becoming more common as hackers capture a spreading worm and modify it using a hex editor, usually to distribute a new payload.
- By being able to recycle routines, techniques and code from previous worms, a worm author has less to develop and test and can reuse methods that have already proved successful.
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Ponemon 2014 SSH Security Vulnerability Report According to research by the Ponemon Institute, 3 out of 4 enterprises have no security controls in place for SSH which leaves organizations...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!