A new battle against viruses

May 11, 2004

Four years ago, the Internet community was caught off guard by a worm that sent itself in a message purporting to be a love letter. The now infamous LoveLetter virus was headline news for days. During this time users scrambled to protect their PCs.

Administrators suddenly had to work round-the-clock to keep companies' IT systems up and running. Users at home had to take care when opening e-mails, and in general IT security moved up a rung, both in terms of the measures adopted and the information in circulation.

Exactly four years later, computers around the world are once again under attack by malicious code. The variants of the Sasser worm are the culprits this time, and in just one weekend they have managed to infect several million computers around the world.

There are significant differences between the two viruses, just as computers nowadays are also quite distinct from those four years ago. The most widely used operating systems at the time (Windows 98 and NT4.0) are now relics from the past, and the software running on them is a museum piece compared with today's applications. Few people then thought that a personal firewall would be a basic tool for connecting to the Internet or that an affordable 24-hour connection would be anything more than a dream.

The main difference between Sasser and LoveLetter lies in the method they use to spread. LoveLetter was completely reliant on users making a conscious decision. If the e-mail carrying the virus wasn't opened by the user, they simply wouldn't be infected. This was the basic ingredient of social engineering: tricking users into infecting themselves.

Sasser, however, uses a system that needs no user intervention whatsoever. Victims have been infected simply by having a connection to the Internet, as was the case with SQLSlammer and Blaster. Thanks to a flaw in a component of Windows 2000 and Windows XP, Sasser spreads without users having to do anything.

The key to preventing threats that exploit vulnerabilities is to update operating systems or vulnerable applications. To do this, system administrators need to invest time to correctly apply patches. These changes are not so straightforward when it comes to servers or other corporate operating systems. Even Microsoft recommends analyzing the need to apply an update, and advises using test systems first and putting changes into production only once perfect functionality has been confirmed.

The creator of the Sasser worm, well aware of current concern about IT security, and in particular recent security initiatives launched by numerous vendors, has made every effort to get the virus into circulation as soon as possible, as any delay would prevent the worm from propagating as widely as intended.

This implies that gradually, and despite the rate of propagation of the Sasser worms, the war against cyber-delinquents is advancing. This has been another battle and, once more, users and administrators have been the casualties, but due to information and preventive measures, it is becoming increasingly difficult for malicious code to spread.

All of us, developers, vendors and users alike, can play a part in ensuring that one day these battles are consistently won by those of us who would rather see a world without computer viruses.
