Machine Wars
The battle between good and evil in cyberspace is increasingly fought with automated tools
January 14, 2005
One in 16 E-mail messages carried a virus in 2004, up from one in 33 in 2003, E-mail security company MessageLabs Ltd. says. In December, one in 10 E-mail messages carried the Zafi-D worm, Sophos says. From July through November, the average monthly growth rate in phishing sites was 28%, according to the Anti-Phishing Working Group, an industry association composed of financial institutions, online retailers, ISPs, law enforcement, and security vendors. The likely cause, it suggests, is automation, in the form of a newly available phishing toolkit.
Another theater in the machine wars is the world of Captchas (Completely Automated Public Turing tests to tell Computers and Humans Apart). Captcha images--pictures, wavy words, or another element difficult for a computer to identify--are used, for example, by ISPs to prevent spammers from bulk registering free E-mail accounts. Ticket scalpers, however, use optical character-recognition software to get around Captchas and buy event tickets online in bulk, preventing fans from getting face-value tickets. "OCR could break the old Captchas with approximately 10% accuracy, which is sufficient for [scalpers'] needs," Greg Mori, assistant professor of computer science at Simon Fraser University in Canada, writes via E-mail.
Ticketmaster, the leading seller of event tickets, doesn't want to reveal the measures it takes at "significant cost and resource" to fight the problem. "Optical barriers and ticket limits are the most visible to the consumer, but there are many other fraud-prevention measures in place behind the scenes," David Goldberg, executive VP of strategy and business development at Ticketmaster, says via E-mail.
Another automated way in which spammers have tried to bypass similar challenge-response systems--which challenge E-mail senders to answer a question to establish that the sender is a person, not a bulk-mail program--involves pornography. Porn zombies, says J.F. Sullivan, director of product marketing at E-mail company Sendmail Inc., send spam like regular zombies, but when they receive a challenge E-mail, they post it as a message on a porn site, offering access to visitors who answer the question. The server sending the challenge then receives the answer and delivers the spam.
Automation has kept spammers in business, despite the best efforts of the IT industry. "Spammers know what kind of anti-spam technologies are in use," says Vipul Ved Prakash, founder and chief scientist at anti-spam company Cloudmark Inc. "And they're designing automata that can defeat that technology" (see story, "Constant Struggle: How Spammers Keep Ahead Of Technology").
Ryan Trevino, enterprise messaging administrator at National Instruments Corp., an industrial-measurement and automation-tools company, has seen this firsthand. During the first two quarters of last year, he says, the average number of E-mail messages received daily climbed from 125,000 to 160,000. "We saw the effectiveness of our in-house spam filter drop," he says. "We saw more of our users getting attacked by viruses and phishing."
Whether things are getting worse or better--and whether automated tools can fight back--depends upon whom you ask. Some experts argue that the expansion of the Internet--to third-generation cell phones, PDAs, video-game boxes, and industrial-control systems--and the increasing complexity of software and Web services makes an increase in security problems inevitable. Others downplay the doomsaying and suggest that best practices and innovative technology, in conjunction with law enforcement and user education, can mitigate the risks.
The environment is getting more dangerous, Perot's McClaskey says. "However, I know for us and for our customers, in general, by adopting what I would call an enhanced posture, we really have fended off a lot of stuff this year," he says. "2003, for a lot of companies, us included, was really a wake-up call about the accelerating pace of these attacks."
McClaskey credits Sybari Software Inc.'s anti-spam software and the ability of Microsoft's Software Update Services to automate patching with making a huge difference, along with other tools that automatically keep systems updated, such as Symantec's Norton AntiVirus Corporate Edition. Trevino at National Instruments says his company's latest anti-spam software, from Proofpoint Inc., installed in November, is delivering good results.
Vendors need to answer the call. Microsoft's Barzdukas points to steps the company has taken, including software releases such as Windows XP Service Pack 2, automated patching, and a broader reengineering to require closer security review of Internet-facing technology. As outlined last year by chairman Bill Gates, future versions of Windows promise "active protection technologies," which include dynamic system protections that defend against attacks in a more proactive and adaptable manner than seen today, behavioral blocking to contain worms and viruses, and an application-aware firewall to mitigate malicious traffic.
Security companies see an opportunity to outsmart automated threats. Whole Security Inc. and Sana Security Inc. both make security software that doesn't rely on rules or signatures, and thus offers protection during the several-hour gap between the appearance of a new attack and the creation of a signature to block it. Prevx Ltd. has made a version of its enterprise security software freely available to consumers, which should help inoculate a larger number of vulnerable PCs. Fortify Software offers automated tools for finding security flaws in software code. Determina Inc. offers an intrusion-detection system that guards against memory overflow errors. And HP recently revealed plans to include "virus-throttling" technology in some of its products to slow the rate that viruses can spread.
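The "virus-throttling" idea the article attributes to HP is easier to reason about with a small simulation. The code below is an added example, not HP's product or any code from the article; its design (a working set of recently contacted hosts, a budget of one new destination per second, and a delay queue whose length is the infection signal) is an assumption about how such a throttle is built, and the two connection traces are constructed.

```python
"""Added example: a simplified host-level virus throttle run over two
constructed outbound-connection traces, one normal and one worm-like.
The working-set / delay-queue design is an assumption for illustration."""
from collections import deque

WORKING_SET_SIZE = 5      # destinations treated as "recent" and passed through
NEW_HOSTS_PER_TICK = 1    # new destinations released from the queue per second
QUEUE_ALARM_LEN = 10      # delay-queue length that signals worm-like fan-out


class VirusThrottle:
    def __init__(self):
        self.working_set = deque(maxlen=WORKING_SET_SIZE)
        self.delay_queue = deque()   # (time, destination) waiting for release
        self.queued = set()          # destinations currently in the queue
        self.alerts = []             # seconds at which the queue hit the alarm

    def request(self, t, dst):
        """Handle one outbound attempt to `dst` at second `t`.
        Known destinations go straight through; new ones are delayed."""
        if dst in self.working_set:
            return "sent"
        if dst not in self.queued:
            self.delay_queue.append((t, dst))
            self.queued.add(dst)
        if len(self.delay_queue) >= QUEUE_ALARM_LEN:
            self.alerts.append(t)
        return "queued"

    def tick(self):
        """Once per second: release the budget of new destinations."""
        for _ in range(NEW_HOSTS_PER_TICK):
            if not self.delay_queue:
                break
            _, dst = self.delay_queue.popleft()
            self.queued.discard(dst)
            self.working_set.append(dst)


def simulate(events, duration):
    """Run the throttle over (second, destination) events for `duration`
    seconds and summarise what a monitoring agent would observe."""
    th = VirusThrottle()
    by_second = {}
    for t, dst in events:
        by_second.setdefault(t, []).append(dst)
    sent = queued = max_queue = 0
    for t in range(duration):
        for dst in by_second.get(t, []):
            if th.request(t, dst) == "sent":
                sent += 1
            else:
                queued += 1
        max_queue = max(max_queue, len(th.delay_queue))
        th.tick()
    return {"sent": sent, "queued": queued, "max_queue": max_queue,
            "first_alert": th.alerts[0] if th.alerts else None}


# Constructed trace 1: a user talking to the same three hosts every second.
NORMAL_EVENTS = [(t, h) for t in range(10)
                 for h in ("mail.example", "news.example", "cdn.example")]

# Constructed trace 2: a scanning worm hitting 20 fresh addresses per second.
WORM_EVENTS = [(t, f"10.0.{t}.{i}") for t in range(10) for i in range(20)]


def run_both():
    return simulate(NORMAL_EVENTS, 10), simulate(WORM_EVENTS, 10)


if __name__ == "__main__":
    normal, worm = run_both()
    print("normal:", normal)
    print("worm:  ", worm)
```

The normal trace pays a few seconds of delay while its three hosts enter the working set and then never queues again; the worm trace never gets a repeat hit, so its queue grows roughly 19 entries per second and the alarm fires in the first second. That asymmetry is what lets a throttle slow propagation without a signature for the specific worm.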
Gartner security analyst John Pescatore also argues that more protection has to be built into the network. Networking vendor Cisco Systems is moving in that direction with its network-admission-control program, a cooperative effort with more than a dozen IT vendors that would let a business network automatically check devices' security software and settings and grant access only to those that are up to date.
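The admission-control check described above boils down to a policy decision over a device's reported posture. The following is an added example, not Cisco's or any vendor's code; the policy thresholds, posture fields and device records are constructed, and the decision is deliberately fail-closed (a missing or unreported attribute counts as non-compliant).

```python
"""Added example: a fail-closed posture evaluator of the kind a
network-admission-control system runs before granting access.
Policy values and device records are constructed for illustration."""
from datetime import date

# Constructed policy: what "up to date" means on this example network.
POLICY = {
    "min_patch_level": 2,          # e.g. required service-pack number
    "max_signature_age_days": 3,   # antivirus signatures must be this fresh
    "require_firewall": True,
}


def evaluate_posture(device, policy=POLICY, today=date(2005, 1, 14)):
    """Return ("allow" | "quarantine", reasons) for one posture record.
    Every check treats an absent field as a failure, so a client that
    reports nothing cannot talk its way onto the network."""
    reasons = []
    if not device.get("antivirus_running"):
        reasons.append("antivirus not running")
    sig = device.get("signature_date")
    if sig is None or (today - sig).days > policy["max_signature_age_days"]:
        reasons.append("antivirus signatures stale or unreported")
    if device.get("patch_level", 0) < policy["min_patch_level"]:
        reasons.append("patch level below minimum")
    if policy["require_firewall"] and not device.get("firewall_enabled"):
        reasons.append("host firewall disabled")
    return ("allow" if not reasons else "quarantine", reasons)


def admit(devices, policy=POLICY):
    """Map each device id to its admission decision."""
    return {d["id"]: evaluate_posture(d, policy) for d in devices}


# Constructed posture reports as an agent or switch might collect them.
DEVICES = [
    {"id": "laptop-01", "antivirus_running": True,
     "signature_date": date(2005, 1, 13), "patch_level": 2,
     "firewall_enabled": True},
    {"id": "laptop-02", "antivirus_running": True,
     "signature_date": date(2004, 12, 20), "patch_level": 2,
     "firewall_enabled": True},
    {"id": "desktop-03", "antivirus_running": False,
     "patch_level": 1, "firewall_enabled": False},
]


if __name__ == "__main__":
    for dev_id, (decision, why) in admit(DEVICES).items():
        print(f"{dev_id}: {decision} {why}")
```

Quarantined devices would typically be placed on a remediation VLAN where only patch and signature servers are reachable, so the same check that blocks them also gives them a path back to compliance.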
Who's going to win these machine wars? Most likely, it will be an escalating battle for some time to come. Whether it's criminals around the world dreaming up ways to thwart the best defenses or bots continually scanning the Internet looking for systems they can attack, the new reality is that evil never sleeps online.
Illustration by Jeff Soto