January 21st, 2004, 02:24 PM
Virus writers building underground network for rapid dispersal of new viruses
Source : http://www.clearswift.com/news/pressreleases/306.aspx
London, UK – January 12th, 2004: Clearswift, the MIMEsweeper company, predicts a rise in malicious threats and the birth of the ‘superworm’ in 2004, following an analysis of 2003 and the detection of a private peer-to-peer malware network. Clearswift is advising organisations to review their email and Web security to ensure their PCs are not used to distribute viruses or execute criminal activities on behalf of malicious groups.
The Sobig project last year, consisting of six successive viruses, marked the emergence of long-term malware projects, involving multi-stage attacks using spam, worms, trojans, spyware and proxies. Furthermore, 2003 saw a clear switch in motivation of the virus writer – intellectual challenge or simple-minded cyber-vandalism is no longer the primary motive.
Instead, financial gain is now the principal reason behind virus development. It has become apparent that the Sobig project was instigated by organised crime gangs which are now deploying the tools of spammer, virus writer and hacker in a co-ordinated manner to expand their operations into cyberspace. These groups have now established a network of broadband home PCs which can be covertly used as an anonymous platform for criminal activity.
The Sinit Evolution
More recently, a private peer-to-peer malware network has been created, marking a major milestone in the evolution of the virus landscape. The network, dubbed Sinit, removes the single-point-of-failure that is often targeted by law enforcers in order to terminate viruses (as was the case with the last Sobig virus). With Sinit, there is no central server that can be shut down. Each infected host becomes part of a peer-to-peer network through which additional trojans are spread to all hosts. It has been estimated that hundreds of thousands of PCs have already been infected.
Sinit enables rapid dispersal of viruses and uses sophisticated encryption technology to prevent anti-virus companies from tracking development activity or modifying the virus codes. Sinit could also constitute the launch pad for a highly efficient ‘superworm’. Theorists have postulated that a superworm could be capable of infecting all vulnerable hosts on the Internet in minutes.
“It looks as though 2004 will be the year of the superworm,” comments Pete Simpson, manager of ThreatLab at Clearswift. “It’s always been an arms race in the battle between virus writers and anti-virus companies, however both sides now have financial incentives. Sinit represents a new and daunting challenge to anti-virus companies and further emphasises the need to have a multi-layered defence against these security threats.”
Whilst organised crime has come to dominate the malware scene, in 2003, the traditional virus-writing groups have not been entirely moribund. Serotonin, a virus developed last year that has yet to be released in the wild, represents an entirely new generation of worm. Using ‘Genetic Programming’ techniques, based on processes analogous to those operating in biological evolution, the worm mimics natural selection processes. Although this has not been released in the wild yet, it demonstrates the potential problems to come.
No longer can organisations expect to be protected from malicious codes by deploying just firewall and anti-virus technology - the ever-evolving nature of viruses requires a more proactive defence. Content security provides an additional layer of defence by enabling the generic blocking of executables, scripts and specified file types to protect against viruses and non-viral malware such as spyware. It will also intercept other malicious code in email and web pages.
January 21st, 2004, 02:39 PM
How novel. A commercial venture regurgitating old news for capital gain. Too bad people are going to be sucked in.
Clearswift, the MIMEsweeper company, predicts a rise in malicious threats and the birth of the ‘superworm’ in 2004, following an analysis of 2003 and the detection of a private peer-to-peer malware network.
Thanks SDK, I needed a good laugh to start the day.
January 21st, 2004, 02:39 PM
Yup, that is an article. Lol. Quite interesting although I suppose it makes sense since tons of business is now done online. If a superworm like that was developed there could be issues, however I do not think it will be nearly as fast as predicted. The entire internet in mere minutes is like calculating pi out to the 100000000000000 digit on an old condor in a few seconds. However the encryption on the Sinit is a warning sign that viruses, as stated in the article, are becoming more advanced, and not just practical jokes, and skiddies. I think the government has to have captured the Sinit virus (honeypot), or an AV company. Even if it was written incredibly well, it can still be taken apart and looked at; anything can be. [Sarcasm] It could be like Terminator 3 where the AI is the virus taking over computers... Judgement Day has come, in the next year or so. [/Sarcasm] Probability that there will be a supervirus infecting all computers on the net in minutes, 1%, unless distribution is through Sinit, in which case it would still take longer than a couple of minutes unless Sinit is on every computer connected to the net, or the vast majority, say over 60% with a very high distribution rate. What vulnerability would they exploit? Winblowz has a lot, but depending on what it did would not most administrators see it? Would it infect *nix based? I do not see the supervirus as a realistic possibility, at least not to the magnitude they are saying.
January 21st, 2004, 04:45 PM
*crawls out of the piles of rubble in a post Sinit world* I made it...I'm still alive!
You shall no longer take things at second or third hand,
nor look through the eyes of the dead...You shall listen to all
sides and filter them for your self.
January 21st, 2004, 05:09 PM
See... This is the reason I don't want to get out from under my covers in the morning...
It's dangerous out there....
is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
January 21st, 2004, 05:22 PM
They talk about it like it is news. Also, they make it sound like it is full of mystery and like they are James Bond. C'mon people, these are people with way too much time on their hands and have nothing better to do than to write virii and take regular breaks masturbating to Internet pr0n.
Heh, kinda sounds like me. Too bad only the latter is true.
January 21st, 2004, 06:16 PM
Sinit = Skynet?
At what point will Sinit become self-aware?
Is Judgement Day coming now?
Seriously though, here is some more information from Symantec regarding Sinit:
January 21st, 2004, 07:31 PM
I guess those people are really using distributed computing in great ways......
I guess the threat is real... with virus attacks becoming more and more stealthy ... maybe one day they could actually go unnoticed after creating havoc...... Pray that day does not come soon....
Personally I saw how one virus can ruin your system.. example of CWS.. which uses a simple flaw in the MS Java Runtime engine.. In the span of a few days my system was infected with at least 5 variants of the virus........ What was strange was that my antivirus was simply not able to disinfect it, nor were any other antivirus programs able to do so........
This brings us to the next big question: what would be the future of antivirus programs.. could there not be a better way of detecting and deleting viruses rather than using signature files....
****** Any man who knows all the answers most likely misunderstood the questions *****
January 21st, 2004, 09:25 PM
Maverick811, if Skynet is coming shouldn't someone start searching for John Connor or the real world equivalent. He might be our only hope:-)
"The things you don't remember are the things that didn't exist"