Computerworld - The economic impact of Internet worm attacks is staggering, with analysts reporting that the Bagle, Netsky and Mydoom worms combined caused several billion dollars in damage from lost productivity, business disruption, bandwidth consumption and manpower costs. While there were many worms in the past 18 months, there were only a few devastating ones, giving companies a somewhat false sense of comfort.
Now imagine a world where worm attacks frequently occur because hackers and rogue developers have access to "worm kits" or development tools that provide the basic building blocks for rapid worm development.
Historically, worms were basic clones of one another that didn't change after their original development. Simple mechanisms were used to propagate them, such as mass-mailing worms using a single subject line.
Today's worms are more sophisticated. They have the ability to mutate after development based on knowledge of how to thwart new security processes. For instance, an early worm, Code Red, attacked only Internet Information Server servers. The Nimda worm, which came later, expanded to include at least three additional attack methodologies: mail-based attacks, file-sharing-based attacks, and attacks against the Internet Explorer Web browser.
Worms become easier to create
The potential for this worm-a-day nightmare comes from several factors: the dozens of vulnerabilities that are ready to be exploited, the availability of worm source code, recycled exploits and the ease of editing existing worms.
Before a worm can be developed, a network vulnerability has to be identified. Recent research from Arbor Networks on the transition from vulnerability disclosure to worm release shows that there are dozens of vulnerabilities ready to be used as the propagation vector in Internet worms. However, only a handful are developed into worms every year, resulting in a large number of untapped vulnerabilities that attackers could use to spread their worms in the future.
All these vulnerabilities might not be a big deal if worms weren't getting so much easier to build. With available source code, worm authors can expand on these tools or recycle methods seen in successful worms. These code bases provide an excellent starting point for an aspiring worm author and drastically reduce development time.
Examples of techniques and resources hackers are using to expedite worm development include the following:
- Agobot source code is available on the Internet. Mydoom had its source code distributed by a follow-up worm, and the Bagle and Netsky worms shared source code.
- Opening a command shell on a network port and other widespread vulnerabilities can be used to download the executable file during propagation.
- Re-releasing worms is becoming more common as hackers capture a spreading worm and modify it using a hex editor, usually to distribute a new payload.
- By being able to recycle routines, techniques and code from previous worms, a worm author has less to develop and test and can reuse methods that have already proved successful.
- A Survival Guide for Data in the Wild All corporate data used to reside in the data center. Safe and sound behind the corporate firewall. But now, employees have multiple devices...
- Transforming Security: Designing a State-of-the-Art Extended Team The information security mission is no longer about implementing and operating controls.
- The Big Data Security Analytics Era Is Here New security risks and old security challenges often overwhelm legacy security controls and analytical tools.
- Building an Intelligence-Driven Security Operations Center The openness of today's networks and the growing sophistication of advanced threats make it almost impossible to prevent cyber attacks and intrusions.
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!