A New Battle Against Viruses

Four years ago, the Internet community was caught off guard by a worm that sent itself in a message purporting to be a love letter. The now infamous LoveLetter virus was headline news for days.

During this time, users scrambled to protect their computers, and administrators suddenly had to work round-the-clock to keep companies' IT systems up and running. Users at home had to take care when opening e-mails, and in general, IT security moved up a rung, both in terms of the measures adopted and the information in circulation.

Exactly four years later, computers around the world are once again under attack by malicious code. The variants of the Sasser worm are the offenders this time, and over just one weekend they have managed to infect several million computers around the world.

There are significant differences between the two viruses, just as computers nowadays are also quite distinct from those of four years ago. The most widely used operating systems at the time (Windows 98 and NT4.0) are now relics from the past, and the software running on them is a museum piece compared with today's applications. Few people then thought that a personal firewall would be a basic tool for connecting to the Internet, or that an affordable 24-hour connection would be anything more than a dream.

The main difference between Sasser and LoveLetter lies in the method they use to spread. LoveLetter was completely reliant on users making a conscious decision. If the e-mail carrying the virus wasn't opened by the user, they simply wouldn't be infected. This was the basic ingredient of social engineering: tricking users into infecting themselves.

Sasser, however, uses a system that needs no user intervention whatsoever. Victims have been infected by simply having a connection to the Internet, as was the case with SQLSlammer and Blaster. Thanks to a flaw in a component of Windows 2000 and Windows XP, Sasser spreads without users having to do anything.

The key to preventing threats that exploit vulnerabilities is to update operating systems or vulnerable applications. To do this, system administrators need to invest time to correctly apply patches. These changes are not so straightforward when it comes to servers or other corporate operating systems. Even Microsoft recommends analysing the need to apply an update, and advises using test systems first and putting changes into production only once perfect functionality has been confirmed.

The creator of the Sasser worm, who is well aware of current concern about IT security, and in particular recent security initiatives launched by numerous vendors, has made every effort to get the virus into circulation as soon as possible, as any delay would prevent the worm from propagating as widely as intended.

This implies that gradually, and despite the rate of propagation of the Sasser worms, the war against cyber-delinquents is advancing. This has been another battle and, once more, users and administrators have been the casualties, but due to information and preventive measures, it is becoming increasingly difficult for malicious code to spread.

All of us, developers, vendors and users alike, can play a part in ensuring that one day these battles are consistently won by those of us who would rather see a world without computer viruses.
