According to Trend Micro Incorporated (TSE: 4704, NASDAQ: TMIC), a leader in network antivirus and content security software and services, the current trend in worms seems to be going the bot route. Bots, or programmes that operate as an agent for a user or another programme, are most often seen as malware and keep attacking unsuspecting users in surprisingly high numbers.
Most bot worms are built in a modular fashion. This means that the creator of the programme can choose from among a number of different attack methods, including vulnerability exploitation, mass-mailing, and P2P (peer-to-peer) propagation, as well as the parameters for each of them. The result is an ad hoc worm, specially engineered to accomplish its objectives: stealing information and keeping control of the infected computer.
“The idea of modularity in these types of worms has been confirmed in WORM_RBOT.CBQ and WORM_ZOTOB, two network worms that grabbed headlines last summer,” says Justin Doo, managing director, Trend Micro Middle East and North Africa. “Network vulnerabilities can be used as a propagation method as soon as the exploit is available. When a piece of code is written to exploit a specific vulnerability in an operating system and is published on the Internet, the creators of these worms can just attach it to the old code of the worm, recompile it and a new dangerous worm is ready to be unleashed.”
This translates into shorter times to achieve network exploitation in the very near future. Here is a list of network vulnerability exploitation times for some prominent worms:
* WORM_NIMDA -- 366 days
* WORM_SLAMMER -- 185 days
* WORM_BLASTER -- 26 days
* WORM_SASSER -- 18 days
* WORM_ZOTOB -- 5 days
Because worms nowadays can be created at such rapid speeds, PC users worldwide face even greater threats. The possible ways to fight against this are:
* Patching home systems immediately as the updates are made available on the Microsoft Web site. Automatic updates are just not an option anymore. The security of our home systems is at stake just by being connected to the Internet.
* In corporate settings, deploying software and hardware systems that specifically defend against these threats. Detecting and blocking the network packets that the worm uses to exploit the vulnerability is by far the best prevention against this kind of malware. These systems include IDS (intrusion detection systems), specific network-antivirus systems like Trend Micro Network VirusWall® or Trend Micro Personal Firewall, which can block the reception of shellcode packets even if the underlying system is still vulnerable.
About Trend Micro, Inc
Trend Micro, Inc. is a leader in network antivirus and Internet content security software and services. The Tokyo-based corporation has business units worldwide. Trend Micro products are sold through corporate and value-added resellers and managed service providers. For additional information and evaluation copies of all Trend Micro products, visit our Web site, www.trendmicro-middleeast.com