
Watch Out: Worms are Getting Smarter, Expert Warns

posted on July 12, 2001
by hitbsecnews

Peer-to-peer networks may be breeding ground for the next generation of nasties

Popular peer-to-peer applications like Napster will quietly nurture the next generation of Internet worms, a computer security consultant says.

Worms, an increasing security problem, replicate themselves and crawl through computer networks to infect any connected PCs. That capability to reproduce and to take advantage of networks makes peer-to-peer setups an ideal breeding ground.

Most worms take advantage of well-known but uncorrected vulnerabilities in software and operating systems to propagate across the Internet, warns Jose Nazario, a biochemistry graduate student and member of a loosely knit group of computer experts known as Crimelabs. He addressed the fifth annual Black Hat Briefings, a security training conference focusing on malicious intruders, here this week.

"Worms are relatively easy to put together," Nazario says. "And once you've released [the worm], it works in an exponential fashion."

Mobility Is Dangerous

Similar to viruses, worms are malicious programs that propagate across PCs carrying a payload of software that lets the worm perform other functions. The payload is the danger, because it may be a Trojan horse (a destructive program disguised as something benign) that could convey information about your system back to its originator. But unlike viruses, Nazario says, "worms are self-propelled. Worms simply execute on their own time scale." Nazario's group calls worms "autonomous intrusion agents."

They're also hard to spot because they don't typically carry an identifiable extension and can look like any type of program. Several recent worms have carried a .vbs extension because they were written in Microsoft Visual Basic. The Anna Kournikova worm, for example, posed as a photo of the tennis star. It was primarily an e-mail clogging nuisance because it automatically sent itself to everyone in each recipient's e-mail address book.

The first widely known worm was released in 1988 by Robert Morris, then a Cornell University student who created the program as an experiment. The Morris Worm, as it is now known, shut down a significant portion of the then-nascent Internet and got Morris expelled from the university.

Dumb Worms Die Out

Most of today's worms are still fairly low-tech. Nazario calls them "primordial soup, where you see that they work like a bunch of unincorporated molecules interacting, but almost can't believe it." He refers to one recent worm as "cobbled together, not even with duct tape, but with Scotch tape."

Current worms are fairly easily controlled, he adds. Their activities prompt lots of attention, Nazario says. They are easily blocked because they repeatedly use the same methods to probe and attack vulnerable target computers. And they're hard to aim at a specific target due to the haphazard nature of their propagation, he adds.

But since the Morris Worm squirmed online, worms have evolved to take advantage of new exploitable vulnerabilities.

"We expect to see a paradigm shift towards more dynamic worms in the next 12 to 18 months," Nazario says.

Those next-generation worms will use popular file-sharing programs like Napster and Gnutella to transmit themselves, Nazario says. He expects the new worms to become increasingly stealthy. As a result, "we'll be seeing online updates and an emphasis on steganography, the embedding of messages inside of other kinds of files like MP3s or pictures, so they can spread somewhat anonymously," Nazario adds.

Smarter Worms Live Longer

New worms will be smarter and have some self-preservation techniques, Nazario says. For example, they will verify the integrity of the source of updates, in order to avoid a "poison injection" of code intended to stop them. Also, they will pace themselves so that the large volume of Internet traffic they generate as they spread does not give them away.

Nazario thinks the next generation of worms may function more like specific organs in a body, with parts performing different functions on different machines, rather than like a single do-everything program.

Nazario's organization Crimelabs is releasing a report on the state and nature of Internet worms next week. But the crux of its message is also Nazario's focus at the event: Worms are only as effective as PC users let them be, and worms will always target the low-hanging fruit: Careless users who leave themselves vulnerable make easy prey.

"We need to keep things up to date, and we suck at that," he adds.

PCWorld

Source
