Computerworld - The economic impact of Internet worm attacks is staggering, with analysts reporting that the Bagle, Netsky and Mydoom worms combined caused several billion dollars in damage from lost productivity, business disruption, bandwidth consumption and manpower costs. While there were many worms in the past 18 months, there were only a few devastating ones, giving companies a somewhat false sense of comfort.
Now imagine a world where worm attacks frequently occur because hackers and rogue developers have access to "worm kits" or development tools that provide the basic building blocks for rapid worm development.
Historically, worms were basic clones of one another that didn't change after their original development. Simple mechanisms were used to propagate them, such as mass-mailing worms using a single subject line.
Today's worms are more sophisticated. They have the ability to mutate after development based on knowledge of how to thwart new security processes. For instance, an early worm, Code Red, attacked only Internet Information Server servers. The Nimda worm, which came later, expanded to include at least three additional attack methodologies: mail-based attacks, file-sharing-based attacks, and attacks against the Internet Explorer Web browser.
Worms become easier to create
The potential for this worm-a-day nightmare comes from several factors: the dozens of vulnerabilities that are ready to be exploited, the availability of worm source code, recycled exploits and the ease of editing existing worms.
Before a worm can be developed, a network vulnerability has to be identified. Recent research from Arbor Networks on the transition from vulnerability disclosure to worm release shows that there are dozens of vulnerabilities ready to be used as the propagation vector in Internet worms. However, only a handful are developed into worms every year, resulting in a large number of untapped vulnerabilities that attackers could use to spread their worms in the future.
All these vulnerabilities might not be a big deal if worms weren't getting so much easier to build. With available source code, worm authors can expand on these tools or recycle methods seen in successful worms. These code bases provide an excellent starting point for an aspiring worm author and drastically reduce development time.
Examples of techniques and resources hackers are using to expedite worm development include the following:
- Agobot source code is available on the Internet. Mydoom had its source code distributed by a follow-up worm, and the Bagle and Netsky worms shared source code.
- Opening a command shell on a network port and other widespread vulnerabilities can be used to download the executable file during propagation.
- Re-releasing worms is becoming more common as hackers capture a spreading worm and modify it using a hex editor, usually to distribute a new payload.
- By being able to recycle routines, techniques and code from previous worms, a worm author has less to develop and test and can reuse methods that have already proved successful.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts