Worm Highlights Threat Posed by Virus Tool Kits

But basic precautions should keep corporations safe, users and analysts say

The ready availability of virus-generating tool kits will continue to make it relatively easy for even amateur crackers to write worms such as the recent Anna Kournikova virus, analysts and users warned.



According to a recent IDC survey of 1,000 corporations:

Viruses are the most common form of security problem for corporations.

90% of the respondents said they had been hit by a virus.

Antivirus software is the most commonly used security technology.

But since many of these kits rely on previously used methods for creating and propagating viruses, damage can be minimized if corporations take basic precautions, they said.

The Anna worm was allegedly created by a 20-year-old Dutchman who calls himself "OnTheFly." He turned himself in soon after to police in the Netherlands. Analysts believe he used an easily available virus-generation tool kit called the VBS Worm Generator to write the worm. Such kits, written by hackers, are usually available for free download over the Internet.

Though that particular kit has since been pulled from the Internet by its Buenos Aires-based developer, analysts said there are literally scores of similar ones that can be used by would-be crackers to easily write similar worms.

The kits go by names such as Instant Virus Production Kit, Satanic Brain Virus Tools, The Trojan Horse Construction Kit and The Virus Factory.

Many come with easy-to-use interfaces and pop-up help files that walk would-be crackers through the process of creating a virus - from choosing a name for it through choosing a way to spread it.

Some tool kits, including the one used to create the Anna worm, let users choose from a variety of payloads that range from self-replication to attempting to crash networks.

"It's all very menu-driven and easy to use. . . . It is just a question of a click here and a click there," said Roger Thompson, an analyst at Reston, Va., security firm TruSecure Corp.

"The guy who launched the Anna virus didn't even have to change many of the default options [to get the worm to work]," he said.

"You are talking about giving something that can create a lot of damage to just about anyone in the world with access to the Internet," said Ira Winkler, president of the Internet Security Advisors Group.

What makes some virus-generation kits particularly dangerous is that they allow even amateur crackers to add variations that can sometimes help them slip through antivirus defenses, Winkler added.

The Anna virus, for instance, was able to break through many antivirus barriers because it used an encryption feature available in the tool kit, analysts said.

Yet despite the ease with which the Anna virus spread, most worms generated by tool kits use well-understood and predictable ways of creating and propagating a virus, said Josh Turiel, MIS manager at Holyoke Mutual Insurance Co. in Salem, Mass. This makes worms relatively easy to detect and block using antivirus tools and generic filtering approaches, he said.

"Back around 1997, somebody generated 15,000 viruses from a single kit—all of which were detected by just about every single virus vendor," said Thompson.

In addition to antivirus technologies, Holyoke Mutual simply blocks all e-mails with Visual Basic Script (VBS) attachments from its network. "We had 30 copies of the Anna virus bounce off our network in about three hours," Turiel said.

"The organizations that are going to continue getting nailed by such attacks are those that still don't have any central control over their e-mail, and small companies with no security [infrastructures]," he added.
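The gateway rule described above (reject any message carrying a VBS attachment) can be sketched as follows. This is an added example, not Holyoke Mutual's actual filter; the function names, the sample filenames and the example.com addresses are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# The article names only VBS; a site would extend this set as needed.
BLOCKED_EXTENSIONS = {".vbs"}


def final_extension(filename):
    """Return the lowercased last extension, ignoring trailing dots and spaces.

    Only the last extension counts, so 'picture.jpg.vbs' is treated as a
    script and not as an image.
    """
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def blocked_attachments(raw_message):
    """Return the attachment filenames in a raw message that must be rejected."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    # walk() visits every MIME part, including parts of forwarded messages.
    for part in msg.walk():
        filename = part.get_filename()
        if filename and final_extension(filename) in BLOCKED_EXTENSIONS:
            hits.append(filename)
    return hits


def build_sample(filename):
    """Build a constructed test message with one placeholder attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("See attachment.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for name in ("picture.jpg.VbS", "notes.txt"):
        hits = blocked_attachments(build_sample(name))
        print(name, "->", "REJECT" if hits else "accept")
```

Matching on the final extension, case-insensitively, is what keeps a double-extension name from passing as an image.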


Copyright © 2001 IDG Communications, Inc.
