The Future of Viruses
It was a fun week of "Love and Bugs" and in some ways our company is still
full of it. Anyway, it could have been a lot worse. I work for very large
(Anonymous) corporations whose address books are on a global scale
of 20,000+. When I was getting calls very early in the morning about the
worm I was surprised just like everyone else. That day started around
3AM, thank you. I belong to many newsgroups about security and viruses
and I was still caught off guard. Updated virus software did not make
a difference; a security nightmare was coming true.
Once I saw what the worm was doing and how it was propagating, I tried to make
the call to cancel all email activity so I could stop further infection
and research the net. But I was more or less the security office and I was
vetoed. I heard "we can not do business without email." We lost 4 servers
(out of 10) before six and I really don't know how many machines were
infected at that point. This was after I had the problem announced over
a loudspeaker system, and emailed a warning and instructions to everyone.
I have never seen anything spread so fast; even Melissa last year was nothing in comparison. Now that everything is kind of back to normal and there
are many lessons learned, it could have been worse. Please, everybody, do
incorporate these thoughts into the next generation of viruses!
1. The virus could have had a search string for groups to hit them first
and then go to the individual contacts. This would help in spreading faster.
After last week I moved all of ours towards the bottom. I also made a
group comprised of myself and the other security members. I placed this
group at the start of the address book and at the bottom, in case something like
this happens again.
2. A larger attachment, just under 1.4 MB, to slow down the servers with
less propagation.
3. Relation to "Bubble Boy", where the recipient does not have to even
open the attachment. This is the step that will change the whole security
standpoint on email, and there will have to be a solution before this is
really taken advantage of in the virus world.
4. Could have infected more business documents like Office and other database
extensions, and then sent those alone or with the worm. If sent alone
it would create more havoc because getting Office docs would be less
suspicious.
5. More destructiveness to Windows is going to be in future viruses, but
will probably happen after it completes the sending of the entire address
book.
6. Polymorphs after the first round of the address book, and then resends
to the address book. The worm could change the message or subject line and
go on to round two.
7. BIOS damage like Chernobyl.
8. Spreading by shared folders and other back doors of freeware programs. A future
look into the spreading. Not too many people know about what some freeware
programs will give to others on the net. Look for the IP address + shared
drive to be a vulnerability in future viruses. As of now people just usually
look at the data instead of infecting the drives.
The biggest vulnerability is the human element (a future article
by myself), or clicking on the attachment. This would have been no big
deal if everyone practiced basic computer security. And the other is the way
anti-virus programs operate: scanning for known viruses within the program
database, or Symantec's Bloodhound technology. The requirement and process
to be updated: we saw this when everyone was getting hit with
I LOVE YOU, which resulted in an "almost DoS" on sites by so many
people trying to get through. The last statement is going to be a big
debate after last week, and the vendor who comes out with the
solution first will be on top. With the way programs are changing
and the allowance of the programs to access the core Windows Operating System
(API/Open technology), anti-virus programs will always have to be one
step behind.
CptZZap