Many attackers can be stopped

Just as the threat of the Code Red worm began to die down, a new, more sophisticated worm has recently appeared and some experts say this is just the beginning.

Code Red II isn't a direct variant of the original Code Red. It's similar, but more lethal. Code Red II is virtually identical in its entry method and uses unpatched Internet Information Servers (IIS) to gain access to machines.

"The main difference between [Code Red II] and Code Red I is that Code Red II actually drops a hacker agent onto the system, enabling the virus writers to gain control of infected systems," says Sandi Meyer, communications manager at Trend Micro Inc., a security vendor in Cupertino, Calif.

Another difference between the two is that Code Red II is unable to infect Windows NT machines running IIS without crashing them.

Meyer said she thinks there may be a rash of such worms. "Since virus writers are into notoriety, and the press coverage on Code Red has been major, it wouldn't surprise me to see more copycats of this nature," she says.

Joe Hartmann, director of North American virus research at Trend Micro, says he holds a similar opinion on the future of viruses. But, he added, many of the new viruses that get unleashed will be simple and easier to deal with.

"In terms of viruses, we will continue to see many more simple viruses written by virus writers with limited programming knowledge," says Hartmann.

With regard to complex viruses, he makes another prediction. "I also predict more complex viruses, which will be more difficult to detect and remove," he says. "Luckily, we only get very few complex viruses every year."

Hartmann said another weapon in the antivirus arsenal is that many virus writers simply work off of virus kits available on the Web. This means that antivirus software can detect similarities between the new virus and its parent virus. It also allows programmers to easily blunt such attacks.

While users become familiar with the name Code Red, they must also remember another danger that's close at hand: the network-aware virus.

Network-aware viruses are able to spread undetected among shared drives, folders and mapped drives. They spread relatively quickly and subside after a few days. However, because the user may not be aware that he or she is infected, the computer can become reinfected and inflict even more damage.

"As fast as they come, is as fast as they go," says Hartmann.

According to Hartmann, the top three viruses, Sircam, Magistr and Funlove, were able to infect more than 200,000 computers within the past 30 days. Sircam infected almost 100,000 users, Magistr infected 70,000 and Funlove infected 37,000.

Although the number of infections is beginning to die down, users should still beware of the Sircam virus. Sircam is able to spread itself via e-mail and deletes all files and folders on a user's hard drive. Affected users will be unable to boot back into their Windows operating system. Trend Micro has had reports of this virus from more than 100 countries.

As the world continues to advance technologically, viruses not only find new ways to infect computers, but they also find new victims.

There have been four viruses and Trojans found for Palm Pilots. Although the threat is currently minimal, as the Palm Pilot continues to progress, so will the threat of viruses.

"At this point, [personal digital assistants] are still limited in their functionality. However, once they start to replace our desktops and notebooks, more malicious code will be written for them," Hartmann says.

Viruses have intensified through the power of the Internet, and have spread through the world like a flame in the wind.

There are more than 55,000 viruses in existence, and the number is growing at a steady rate. Because of the threat of viruses, users must remain alert to the dangers they face.

"Viruses have become smarter," Hartmann says. Experts say it's up to the user to learn ways to prevent the infection of their computers.

As for the threat of the new Code Red worm, there is one way to prevent infection. Because Code Red II uses the same method of entry, users can still employ the patch to protect themselves from the worm. The patch will also help shield users against any future threats targeting this particular flaw in IIS.

With regard to other viruses, the following are some tips that will help deter the infection of your computer:

  • Keep your antivirus programs updated.
  • Lock any executable files you don't need.
  • Keep your operating system updated.
  • Be cautious when opening e-mail attachments by scanning them. Viruses are more likely to come from friends and family rather than strangers.
  • Avoid programs from unknown sources and be aware of new viruses.

Copyright © 2001 IDG Communications, Inc.
