Sunday, September 19, 2021

Virus Attacks Reach ‘Epidemic’ Proportions

Wave after wave of new worm variants are pounding IT managers, as well as anti-virus vendors, threatening to overwhelm current security measures.

Just as the industry was reeling yesterday from the weekend release of a new Netsky variant and five new Bagle variants, another two Bagle variants and one more Netsky variant have hit the Internet. The variants are coming so fast that at least one anti-virus vendor has warned its users to update their software every hour.

“It’s like a tsunami wave, with all the variants crashing down at once,” says Ken Dunham, director of malicious code at iDefense, Inc., a security intelligence company based in Reston, Va. “We’re getting wave after wave of attacks and they’re significant attacks… It’s a constant deluge. It’s annoying and it’s frustrating and people are getting tired of it.”

Anti-virus company Panda Software is calling the attacks an ‘epidemic’.

Netsky-D alone has caused $58.5 million in damages worldwide, according to mi2g, a London-based security assessment company. And as that variant continues to wreak havoc across the Internet, Netsky-E has been discovered. The latest variant spreads via email and network shares, but so far is not causing as much trouble as its predecessors.

“Whoever is behind the Netsky worms is hell bent on causing as much chaos as possible,” says Graham Cluley, senior technology consultant for Sophos, Inc., a Lynnfield, Mass.-based anti-virus and anti-spam company. “They have deliberately released new versions of their virus, tweaked to try and avoid detection by anti-virus software. Computer users should heed the warning and be wary of any unsolicited email attachment.”

The Bagle family ushered in Bagle-H and Bagle-I yesterday. Bagle-H, which Sophos upgraded from a low to a medium threat, is an email worm that carries a password-protected Zip file, which keeps the payload from being scanned by anti-virus software. When the attachment is opened, the worm opens a backdoor on Port 2745 and waits for commands from the virus author. Bagle-I follows the same pattern but has been tweaked to avoid detection by anti-virus software programmed to stop Bagle-H.
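The password-protected attachment trick described above keeps scanners from seeing the payload, but classic ZIP encryption leaves each entry's name and its encryption flag readable in the archive headers. The following added example (not code from the article or from any vendor it names) builds a constructed sample archive by hand and shows what a mail gateway can still decide from those headers alone; the file names, the RISKY_EXT list and the quarantine policy are assumptions.

```python
import io
import struct
import zipfile
import zlib

# Constructed sample: a minimal single-entry ZIP built by hand so the encryption
# flag (bit 0 of the general-purpose bit flag) can be set without a real password.
def build_zip(name: str, data: bytes, encrypted: bool) -> bytes:
    flags = 0x0001 if encrypted else 0
    crc = zlib.crc32(data) & 0xFFFFFFFF
    fname = name.encode()
    local = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flags, 0, 0, 0,
                        crc, len(data), len(data), len(fname), 0) + fname + data
    central = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, flags, 0, 0, 0,
                          crc, len(data), len(data), len(fname), 0, 0, 0, 0, 0, 0) + fname
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1, len(central), len(local), 0)
    return local + central + eocd

# Assumed gateway policy: extensions that should never arrive inside an unscannable archive.
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs")

def inspect_attachment(blob: bytes) -> dict:
    """Decide from ZIP headers alone (no password needed) whether to quarantine."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return {"zip": False, "encrypted": [], "risky": [], "quarantine": False}
    # Entry names are stored in the clear even when the contents are encrypted.
    names = [i.filename for i in zf.infolist()]
    encrypted = [i.filename for i in zf.infolist() if i.flag_bits & 0x1]
    risky = [n for n in names if n.lower().endswith(RISKY_EXT)]
    # Encrypted content cannot be scanned, so an executable-type name inside an
    # encrypted archive is treated as a policy hit rather than passed through unscanned.
    return {"zip": True, "encrypted": encrypted, "risky": risky,
            "quarantine": bool(encrypted and risky)}

if __name__ == "__main__":
    sample = build_zip("photo.exe", b"MZ" + b"\x00" * 8, encrypted=True)  # constructed
    print(inspect_attachment(sample))
```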

“As soon as detection for a new variant is added to anti-virus software, literally, within a couple of hours we’ll see the slightest modification done to a new variant to avoid detection,” says Steve Sundermeier, a vice president at Central Command, Inc., an anti-virus company based in Medina, Ohio. “It’s very apparent to me that there’s a cat and mouse game going on. With this kind of timing, this has to be a deliberate attack trying to strain anti-virus companies.”

But while anti-virus companies are struggling to keep up with the deluge of attacks, corporate IT managers are faced with the same problem. They’re fighting to keep anti-virus software updated, to keep users from panicking and to keep software patched.

“That strains us but IT managers have to be on their toes at all times, as well,” says Sundermeier, who adds that Central Command has told its large customers to update their anti-virus software every hour, as opposed to once a day or every four to six hours. “This is a definite strain on the IT field. When you have variants C, D, E, F, G, H, I within a matter of 72 hours, that’s crazy.”

Dunham of iDefense says he’s concerned that it’s simply not feasible for some IT managers to have the time and capacity to update their anti-virus software that frequently.

“My question is, how reasonable is that?” asks Dunham. “IT managers are having to change the way they operate. It’s all about how rapidly they can respond to wave after wave of attack. They’re on the line to be in the know about what’s going on as it’s happening. If they don’t have up-to-date information, they’re hanging in the wind.”
