Flurry of Worms Hits Companies Already on Guard

A handful of smaller worms are loose in the wild, and though they’re not as wide-spread or

as destructive as some of their malicious counterparts, they’re causing a flurry of problems

around the globe.

Netsky-B and Bagle-B are just two of the viruses that have come out in the past few days,

and while neither is shutting down networks or crowding out bandwidth, both are picking up

speed. They’re also a nuisance at a time when IT and security managers are on guard for an

expected Blaster-type virus for a buffer overflow flaw in Microsoft’s Windows, as well as an

attack based on Windows 2000 source code that was leaked into the hacker underground.

”It’s sort of like a pack of dogs nipping at your heels when you’re waiting for the big pit

bull to come and bite you,” says Chris Belthoff, a senior analyst at Lynnfield, Mass.-based

Sophos, Inc., a anti-virus and anti-spam company.

Both Belthoff and Mark Sunner, chief technology officer with New York-based MessageLabs,

Inc., say there’s nothing particularly remarkable about the new slate of worms that have

recently hit the wild. Netsky-B is causing little activity. Bagle-B, even though it can be

easily filtered out at the gateway because it carries an executable attachment, is causing

more trouble.

MessageLabs analysts reporting intercepting 95,000 copies of Bagle-B by noon today. The

virus peaked yesterday but is still spreading steadily. At this point, 25 percent of the

infected emails have originated from the United States. Even though it is only a

medium-level threat right now, the worm installs a Trojan so it has the ability to

compromise infected machines to send spam, steal information, etc. It’s another example of

spam and virus threats converging.

”With these new worms, we’re not seeing anything approaching the MyDoom numbers, but it’s a

steady trickle of interceptions,” says MessageLabs’ Sunner, who adds that he believes that

spammers are behind many of the worms, such as MyDoom, that open backdoors and set up

proxies.

According to Sophos, Bagle-B spreads via email and arrives with the subject line ‘ID’

followed by various random characters and the message text ‘Yours ID’. An attached .exe

file, has a randomly generated filename. If run, a remote access component allows hackers to

gain remote access to infected computers.

The worm harvests email addresses from infected PCs and, when forwarding itself on to other

computer users, spoofs the “From:” field using addresses found on the computer’s hard drive.

Like its predecessor, Bagle-A, this worm has a built in ‘dead date’ and has been designed to

fall dormant on 25 February 2004.

As for Netsky-B, the worm spreads via email — forwarding itself to email addresses found on

the hard drives of infected computers — along with Windows network shares. The worm

searches for directories on the infected machine that contain the word ‘share’ or ‘sharing’.

It then copies itself into these file sharing or instant messaging folders and replicates

itself through them.

But Central Command’s Steve Sundermeier warns that these worms may just be the prelude to

the big attack.

A chunk of Microsoft source code for Windows 2000 has been leaked to the underground

community, and despite Microsoft’s warnings, analysts say they’re quite certain that

blackhat hackers are studying the code for vulnerabilities that could be used to create a

massive virus.

”There is concern that the underground world try to find exploits in that source code,”

says Sundermeier. ”Once you have the source code, you can see exactly how to exploit that

piece of software. It was just a section of the code, but even just a section can lead to

potentially dangerous vulnerabilities and exploits.”

But there is even more danger that a Blaster-like virus will be built based on the critical

flaw in Microsoft’s implementation of the Abstract Syntax Notation 1 (ASN.1) data standard.

Analysts worry that a bug based on that flaw could cause major denial-of-service attacks

against unpatched systems.

Microsoft issued a patch with a ‘critical’ rating for the flaw last week.

”There’s a high probability for a virus to be written based on the flaw,” says Belthoff.

”We haven’t seen anything circulating on it yet, but it definitely has great potential.’

RELATED NEWS AND ANALYSIS

• Ethics and Artificial Intelligence: Driving Greater Equality

  FEATURE |  By James Maguire,
  December 16, 2020

• AI vs. Machine Learning vs. Deep Learning

  FEATURE |  By Cynthia Harvey,
  December 11, 2020

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2021

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020