Peer-to-peer applications, spyware and Trojans pose an increasing near-term threat to security administrators and corporate networks, according to new threat-analysis research from I.T. security authority TruSecure. In 2004, the biggest threat for enterprises will be perimeter-killer worms — like SQL Slammer, Blaster and Nachi — that do not use e-mail to attack computers and networks, says Bruce Hughes, director of malicious code research at TruSecure’s ICSA Labs.
File-Sharing Vulnerabilities
“Most organizations are blocking executables at the gateway to stop viruses, but we recommend that they add default-deny at the gateway,” Hughes told NewsFactor. “We will also see more mass-mailer attacks, such as SoBig, but they will primarily hit home users.”
Because of a large number of both known and unknown vulnerabilities in Linux, Microsoft and Internet Explorer that have not yet been patched, Hughes said, an increase in “Zero Day” surprise attacks can be expected as well. In most cases, though, businesses will have to wait for antivirus technology vendors to respond to those threats.
There will be a continuing surge in malware intentionally posted and unknowingly shared on P2P file-sharing networks, Hughes predicts. Up to 60 percent of the files collected via Kazaa, the popular program for downloading free files and music, were viruses, Trojan horse programs and backdoors, according to his research.
“Hackers are putting Trojans in Kazaa using words like ‘XP,’ ‘crack,’ or ‘porn’ in hopes that they will be picked up by users,” said Hughes. As a result, businesses are well advised to warn their employees about the dangers posed by file-sharing applications.
Focus on Spyware
As for spyware, TruSecure research has detected piggybacking programs that take advantage of the software’s user-tracking capabilities. This type of assault also can result in Web pages being altered.
“We are seeing more malicious code that installs like spyware through Explorer,” said Hughes, pointing out that companies like Symantec are focusing on spyware as a serious threat to network security.
Many of the top viruses in 2003 used malware that installs open proxies on systems, targeting broadband users, in particular, since faster connections can speed the spread of spam. The proxy hides the true origin of attacks, whether from viruses, worms or spam, allowing spammers to send e-mail through these systems.
Government Crackdown Expected
In response to the number and severity of attacks in the past year, TruSecure projects that the U.S. government will get serious about cracking down on virus writers. “They need to make some arrests to send a message,” Hughes said, adding that Microsoft’s offer of bounties on hackers is another indication that the attacks will not be taken lightly.
Enterprise Security Today

