Rise of the 'business worm'?

Aug 19 2005

David Emm
Senior Technology Consultant, Kaspersky Lab UK

For some time now, Kaspersky Lab has been tracking a shift in virus writers' tactics. The relative decline in the number of global epidemics during the last year signals a move away from the use of mass attacks on users worldwide. Instead, attacks are becoming more localized.

Of course, changing tactics are nothing new in the field of malicious code. Technological advances have always been the chief driving force behind change. The emergence of the Internet as a means of doing business formed the backdrop to the development of Internet-borne malware. The technological 'tug-of-war' between malware authors and security vendors has also influenced the development of malicious code.

However, technology is not the only factor involved. Social dynamics have an equal influence on the direction in which malware develops. The heavy use of social engineering techniques to lure unsuspecting users into running malicious code is just one example of this. The anatomy of the current Bozori worm outbreaks provides another clear example of the social dynamic in malware development.

On the face of it, Bozori is no different to earlier Internet worms like Blaster or Sasser: it uses an exploit to spread directly to vulnerable machines. Yet there's no global epidemic! We've seen no tell-tale signs of an epidemic on the Internet. And we've had no reports of infection from individual users.

There's no question that this worm is spreading. However, it seems to be confined to localized 'explosions' inside large corporations. These organizations, typically made up of 'small internets' behind heavily defended Internet gateways, have experienced infection.

Bozori, it seems, causes local outbreaks whenever it's able to reach critical mass (and this is heavily dependent on the level of management in the organization). The worm can't reach many machines over the Internet because these days everybody deploys a firewall. However, a worm can penetrate a local network without going through the firewall: when an infected laptop is brought into a network with, let's say, 50 Windows 2000 machines, chaos erupts. That's why small companies and home users haven't been affected. On the other hand, a number of globally interconnected corporations running large networks of computers, practically their own reduced versions of the Internet, have been hit badly.

The Bozori incident suggests that we're on the threshold of a new era, in which 'business worms' will cause 'local network outbreaks' in large corporations, but will have little effect on the Internet as a whole.

This trend is not caused by any technical change in the way virus authors code their malware. What has changed is the social organization, or social dynamics. Organizations have been secured behind their 'impenetrable' firewalls, filtering all e-mails and stripping all executable content. Businesses felt secure and confident that no attack could reach them. The blow from the inside was all the worse for being totally unexpected.

 

Copyright © 1996 - 2010
Kaspersky Lab
All rights reserved
 
