Waves of viruses and false sense of security

March 19, 2004

Not long ago, at the end of January, we saw a wave of viruses burning a trail across the Internet. Now, barely a month later, another wave of malicious code is wreaking havoc on a similar, if not greater, scale.

At the time of writing, up to six variants of Netsky and seven variants of Bagle have been detected. No doubt more variants will emerge over the next few days, as the creators of these viruses are recompiling and repackaging them in order to confuse both users and antivirus solutions.

In a very short period of time, the creators of these viruses have forced antivirus companies to release alerts at a rate never seen before. Because of this level of constant alert, user perception of the real virus threat can change radically. If users and administrators become desensitized to a constant level of alert, a false sense of security is created whereby any new alert is just treated as the norm.

As soon as dangerous new malicious code appears and the alarm bells start ringing, users and administrators try to update systems and stay on the alert for the dangers. However, it's impossible to keep this level of alert up for any length of time, and interest gradually tends to fade. Virus creators are now beginning to exploit this factor by launching new viruses when the word 'alert' is beginning to sound a bit tired. The theory is nothing new, and “The boy who cried wolf” is a familiar tale to all of us. As the story goes, when the real wolf appears, it's curtains for the sheep!

If we cease to pay attention to warnings about infections and take alert situations for granted, it's quite likely that even more systems will fall prey to the viruses on the prowl at the moment and to those that appear over the next few days.

In this climate of cyber insecurity, it is also likely that there will be some kind of attack against Internet servers. Whereas hackers had a 'trial run' with the Santa Cruz Operation with the Mydoom worm, it is easy to imagine large-scale attacks on other types of servers which could have serious, direct repercussions in financial spheres, for example.

If a global, large-scale attack were aimed at the Federal Reserve or the Central European Bank, the world economic system itself could be dangerously affected. What is certain is that, because such an attack is against 'virtual' components, recovery from it would be as quick (or long) as the recovery of these systems.

We cannot let the fact that there is a stream of successive alerts distract our attention, as this is precisely what a virus is looking for: to distract administrators in order to infiltrate systems. In fact, if anything, it is a time to be as alert as ever, and take the necessary security precautions at all times. In this way, systems will be properly protected regardless of how many variants of Netsky, Bagle or the next virus appear.
