Worm Wave Rolls On - InformationWeek


Users seek an end to the torrent of infections plaguing the Internet, but security vendors and analysts say there's no silver bullet or comprehensive patch--and new variants keep on coming.

While hackers bicker back and forth, all users want is an end to the torrent of worms that's ravaged the Internet this week.

While it's not difficult to stymie one worm, it's a different story when that one becomes a tsunami that just keeps coming, security analysts said Thursday as they offered advice. Unfortunately, said Ken Dunham, director of malicious code research at iDefense, "there's no single magic bullet and no comprehensive patch against all of these new worms."

Chris Potter, an analyst at PricewaterhouseCoopers in the United Kingdom, agreed. "Anti-virus software alone doesn't solve the problem."

That's not surprising, what with the sheer number of worms that have struck in the last seven days: 16 by Network Associates' count, including 9 Bagles, 4 Netskys, 2 MyDooms, and 1 Hiton.

Because all of these worms deliver their payloads disguised as file attachments to E-mail messages, the oldest advice remains the best. "First and most important--and this is a social engineering aspect that's a little hard to master--don't open or execute unexpected E-mail attachments," Brian Foster, product manager for Symantec's anti-virus group, said during a Web conference Wednesday.

But as the dramatic spread of some of these worms shows, not everyone heeds the advice. The problem is that worms hijack addresses from infected machines to propagate, leading the next victim to believe that the message comes from someone he or she knows and that both it and its attachment can be trusted.


"If you're not expecting an attachment from somebody, be wary of opening [it]," Foster said.

Another practice that can prevent infection is to block specific file types at the gateway, and/or set companywide policies on the E-mail clients deployed on workstations.

"These E-mail-borne threats can be blocked by applying policies across the company," Alfred Huger, senior director of engineering at Symantec's virus watch group, said Thursday. As an example, he noted that the more recent versions of Microsoft Outlook--by default all those since Outlook 2000 Service Release 1--let administrators lock out specific file attachment types from arriving or being accessed by employees.

"You should roll out the security updates for Outlook that prevent access to file attachment types like .exe, .scr, and .pif," said Huger. "You should implement that policy across the board, then allow only those specific people who require access to a particular file type to receive them."

Links to Outlook's security update, as well as information about Outlook's and Outlook Express 6's attachment blocking features, can be found on Microsoft's Web site.

Blocking some file types--.exe, .bat, .scr, and .pif--is standard in most organizations because they've been used by prior worms and viruses to wreak havoc. But the .zip file format, used to compress large or multiple files for archiving and/or faster delivery via E-mail, is one that many companies still allow through the gateway.

And by the statistics of this week's wave of worms, that's potentially hazardous. Of the 16 worms discovered since last Friday, 13 include, or may include, .zip attachments.

But security experts are divided when it comes to labeling .zip as a threat that should be banned from business.

"To deal with this many worms, companies may need to block more file extensions," said Vincent Gullotto, VP at McAfee's Avert virus-research team. He recommended blocking .pif attachments, for instance--seven of the week's 16 worms may use that extension--"but I think .zip is still relatively safe."

Chris Belthoff, a senior security analyst at anti-virus firm Sophos, strongly disagreed. "Some of these worms are taking an interesting new tactic; they're deliberately trying to get by gateway scanning by password-protecting the .zip file attachments," he said. "Zip files are not to be trusted, period."
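The gateway policy discussed above (block the named extensions, and treat .zip attachments as containers to be inspected rather than trusted) can be expressed in a few lines of Python. This is an added example, not code from the article or from any vendor quoted in it; the function names, verdict strings, and the choice to quarantine password-protected or unreadable archives are assumptions, and the sample message is constructed.

```python
import email.message
import io
import zipfile

BLOCKED = {".exe", ".bat", ".scr", ".pif"}  # extensions the article names

def ext_of(name):
    name = name.rstrip(" .").lower()  # ignore trailing dots and spaces
    return name[name.rfind("."):] if "." in name else ""

def inspect_zip(data):  # verdict from the archive's central directory only
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            members = archive.infolist()
    except zipfile.BadZipFile:
        return "quarantine: unreadable archive"
    for info in members:  # member names are readable even when encrypted
        if ext_of(info.filename) in BLOCKED:
            return "block: archive contains " + info.filename
    if any(info.flag_bits & 0x1 for info in members):  # bit 0: encrypted
        return "quarantine: password-protected archive"
    return "allow"

def gateway_verdicts(raw_message):  # attachment filename -> policy verdict
    verdicts = {}
    for part in email.message_from_bytes(raw_message).walk():
        name = part.get_filename()
        if name and ext_of(name) in BLOCKED:
            verdicts[name] = "block: extension " + ext_of(name)
        elif name and ext_of(name) == ".zip":
            verdicts[name] = inspect_zip(part.get_payload(decode=True) or b"")
        elif name:
            verdicts[name] = "allow"
    return verdicts

def make_zip(member, encrypted=False):  # constructed sample archive
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(zipfile.ZipInfo(member), b"constructed sample data")
    raw = bytearray(buf.getvalue())
    raw[raw.find(b"PK\x01\x02") + 8] |= int(encrypted)  # central dir flag bit 0
    return bytes(raw)

def build_sample():  # constructed message with four attachments
    msg = email.message.EmailMessage()
    for name, data in (("invoice.pif", b"x"), ("notes.txt", b"x"),
                       ("docs.zip", make_zip("readme.scr")),
                       ("locked.zip", make_zip("report.doc", True))):
        msg.add_attachment(data, "application", "octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `gateway_verdicts(build_sample())` blocks `invoice.pif` and `docs.zip`, quarantines `locked.zip`, and allows `notes.txt`. The sample's "encrypted" archive only has the flag bit set; its contents are not actually encrypted.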

A third strategy that may limit exposure is to update anti-virus software definitions more frequently when multiple worms pop up in a 24-hour span.

This tactic, which Symantec's Huger said was already being used by most businesses--"For most of our commercial customers, decreased time between updates is already a best practice," he said--plays best to the consumer crowd, which is notorious for neglecting virus updates.

Symantec's Foster said other best practices that can help during security stresses--as well as those weeks when worms aren't so prominent on the Internet and in the news--include turning off unnecessary file sharing (some of the recent worms can also spread via network sharing) and isolating infected machines as quickly as possible.
