A new worm that quickly infects its victims via MSN Messenger is not terribly rampant, and its spread was blunted by poor timing on the part of its author, but the Jitux.A worm does illustrate how the use of new avenues of attack is likely to grow in the coming year.
It used to be that viruses and worms almost always traveled and spread through e-mail attachments and required a host file, but because of advances in the automation and complexity of malware, more and more malicious programs have begun using new methods to spread, such as instant messaging, peer-to-peer (P2P) networks and malicious Web sites.
“There are really some new ways for viruses and worms to transport and propagate themselves,” Symantec Security Response product manager Kevin Haley confirmed in an interview with TechNewsWorld. “They’ll get on a system and have three or four ways to look to spread themselves.”
Looking forward, Haley said, “we’ll definitely continue to see blended threats with multiple propagation techniques.”
Nixed by New Year
Although the newer avenues of attack are cause for concern, iDefense director of malicious code Ken Dunham said the Jitux.A worm, described as a typical instant messaging worm, is unlikely to go far.
“Timing is everything in the world of viruses, especially when you depend on user interaction,” Dunham told TechNewsWorld, adding that antivirus protection will block the Jitux worm by the time workers return from the holidays on Monday.
In addition, security experts reported, the Web site that Jitux tricks users into visiting has been disabled. Symantec’s Haley said antivirus vendors and other malware fighters typically report malicious Web sites to authorities, who then contact the appropriate ISP to block or disable those sites.
“We’re actually not seeing a lot of these,” Haley said of Jitux. “It’s in a tough position to spread because the Web site seems to have been knocked offline.”
Instant Means Instant
Nevertheless, Dunham noted, a worm that spreads via instant messaging moves much more rapidly than one that spreads by e-mail and can be difficult to defend against.
“It’s different than an e-mail worm because it spreads faster, it pops up, and it comes from a trusted user,” he said, referring to worms’ typical ability to appear to come from a known source.
Both Dunham and Haley referred to network-based attacks, such as Slammer, Blaster, Welchia and Nachi, which have demonstrated the effectiveness of going beyond e-mail to infect and spread. Both also agreed that the number of network attacks will almost certainly increase in 2004, as it did in 2003.
For Money, Not Fame
In addition to taking advantage of newer methods of spreading, Dunham said malware authors increasingly are writing and releasing computer viruses for profit, not publicity. Although virus writers historically have been viewed as “script kiddies” or teenage hacker types, security experts believe crooks and organized crime are leveraging malicious code more than ever before.
“It used to be notoriety, but now we see worms being driven for financial means, such as ID or banking theft,” Dunham said, adding that more IM-based and other attacks are in store for the new year.
“We’ve certainly seen an increase in IM worms,” he said. “It hasn’t been as quick as some other things like e-mail, but we’ve certainly seen an increase, and we expect to see more in 2004.”