October 15th, 2002, 06:16 PM
Have there been a lot of worms lately? Has any one noticed a good bit of them easily travel through widely used networks:: Like MSN-Messenger and Warez-Clients(napster style). It seems to me that writing these worms/virii is getting much easier. With no more than a few API calls- one could easily write a worm that travels through lets say 'KaZaA'. Lately these worms have been more and more malicous (the latest using MSN-Messenger) - stealing Credit info and Cached passwords. Before i get caried away with myself and babble, babble, babble...
Users / Developers / Admins / Haxors need to consider the dangers of these widely used applications (AIM,MSN,KAZAA,WINMX,ETC) a lil' more...
yeah, I\'m gonna need that by friday...
October 15th, 2002, 08:21 PM
Worms I think are unfortunately the wave of the future and something that will continue to grow worse over time (especially as source code for the latest wave of worms has become easily available for modification, improvement, etc (for a recent example, slapper)); however, just because a worm abuses a current service (for example name your favourite IM), doesn't mean that the day that service is shut down there will be an end to worms.
Worms will always be around and will always take advantage of whatever services are available. So long as poorly designed/implemented code that accepts a remote connection floats around (you could say microsoft, but really every vendor has had them, just some harder to abuse than others, or some in greater numbers), you will have worms, period. The best that you can do as a system/network administrator is to make your network security as hardended and layered as possible and hope to minimize the danger (for example, multiple layers of firewalls, intrusion detection systems, email filtering, secure server/workstation/desktop configurations, anti-virus, ingress/egress filtering) all provide degrees of protection that, at least on our network, has minimized, if not eliminated the effects of many of the nastier worms that have been around in the last couple of years.
If you are floating around with a dedicated connection to the internet these days without a modern firewall, IDS, email anti-virus/filtering, you might as well just put your head between your legs and .... you know the rest of it (and that isn't just in reference to worms), because it will no longer be a question of if, but when.
Its a nasty world out there these days,
EDIT: One thing I did neglect to mention is that some applications, no matter what type they are (be it a web server, IM, file sharing, etc), are so poorly written and designed, that simply allowing them to run on your network constitutes a severe risk and should be blocked to the best of your capabilities (for example, internet access to file shares/netbios) Didn't realize it till I read back through my message that I neglected to mention that there are times where an application block is necessary, even if you have good layered security.
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)