Fizzer fizzles, but security threats remain for companies

Computerworld - This week's Fizzer worm appears to have had little impact on corporate networks, according to users and analysts.
But with a growing number of users logging into corporate networks from home and other relatively insecure remote locations, the malicious code and spyware that such viruses leave behind on unprotected systems could prove to be a long-term headache for companies.
The Fizzer worm represents an emerging class of malicious code that relies on a variety of ways to try and circumvent increasingly sophisticated corporate network defenses.
The worm was contained in executable e-mail attachments with innocuous subject headers (see story). In the vast majority of cases, users had to click on the e-mail attachment before the virus could start executing code.
In general, companies with updated antivirus software and policies for filtering executable e-mail attachments would have been protected against Fizzer, said Russ Cooper, an analyst at TruSecure Corp. in Herndon, Va.
Companies that haven't yet taken such basic perimeter-defense measures are simply being "derelict in their duty," said Pete Lindstrom, an analyst at Spire Security LLC, a Malvern, Pa.-based consultancy.
But workers who dial into the corporate network from home and other remote locations may not always have the same defenses and are therefore more vulnerable to having their systems infected by such viruses, said Michael Allgeier, data security officer at the Colorado River Authority in Austin.
This could prove dangerous because of the payload carried by viruses such as Fizzer, said analysts. According to F-Secure Corp., a Helsinki, Finland-based antivirus software vendor, Fizzer is a complex e-mail worm that contains "a built-in IRC [Internet Relay Chat] backdoor, a denial-of-service attack tool, a [keystroke-logging] Trojan, an HTTP server and other components."
Such capabilities could allow hackers to remotely control compromised machines, steal data from them or mine them for passwords, analysts said. Connecting such a compromised system to a corporate network could allow hackers to burrow past other defenses.
"I think the biggest security threat today is remote users," said David Krauthamer, director of IS at Advanced Fibre Communications Inc., a Petaluma, Calif.-based manufacturer of telecommunications equipment. "VPN access is proliferating, and with the onset of wireless home networking, it's becoming easier to gain an access foothold to a corporate network."
"We don't have any control over remote workstations or home PCs or kiosks or wherever it is that people access our networks from," Allgeier said. "We can't really rely on personal firewalls and antivirus software to detect Trojans and keystroke-loggers."
Advanced Fibre Communications has begun to roll out software from Austin-based software vendor WholeSecurity Inc. that scans individual desktops for such malicious code. It's looking to deploy the code for remote users as well.
Companies need to ensure that remote workers are covered by the same security polices that govern the corporate network, Lindstrom said. "It's a question of evaluating all the different attack points and distributed components in your environment," and protecting them, he added.