Monday, July 05, 2010

THE VIRUS WAR

Wars are fought by brave men, but the virus war is fought by men who think they are intelligent but are in actual fact copycats. Very unfortunately, we are the victims of these wars. Unlike some wars, this war is unstoppable, no matter how much effort we put into stopping it. The only thing we can do to limit the damage is to unplug ourselves from our computers. Can we do that? The answer is obvious. Who is to blame? Look in the mirror and you will find the person.

As technology advances, the virus wars will continue to escalate, with output poised to exceed that of 2003, the year of the worm. The original virus writers wrote viruses for the joy of experimentation, not for the joy of destroying your hard disk. Unfortunately, times have changed and so have the reasons for writing a virus. Virus writers come in four categories: writers who write for the thrill of it, students who do it for research, script kiddies who write to impress but whose coding sucks and whose scripts are copied from other virus code, and finally cyber terrorists who write viruses for destruction. There is no real need to spend hours learning how to write a virus. One can be written with only a few lines of code. You can even learn how to write a virus by visiting a website that teaches it.

Script kiddies have taken full advantage of this. They can even weave together existing attacks from code available from community resources. That’s why I say that they think they are cool and intelligent but are in actual fact copycats.

One of the main reasons why viruses are written in the 21st century is money. Keyloggers can be installed on computers to act as backdoors that capture passwords, credit card numbers and other confidential information. The valuable information can then be stolen and sold for profit. Hackers can also use these methods to blackmail a company. After all, what is losing a few thousand dollars compared to losing your customers, which would result in a loss of a few million dollars?

There has been some rivalry between virus writers, like the authors of Bagle and Netsky. They are using huge pools of zombie machines, adapting exploits left by others like MyDoom and Sobig to spread new variants with code containing taunts. They are also trying to get the better of the anti-virus industry. Take, for example, the ability of a virus to spread through attachments. In response, the anti-virus industry built their software to scan zip files and check file extensions. Virus writers then used password-protected zip files whose contents the anti-virus could not decrypt. Anti-virus companies followed up by creating AV programs that could parse the e-mail message for the password and store it in memory so that they could decrypt the archive and scan it for viruses. In retaliation, the writers used a bitmap file instead of a plain-text password. Other current trends include self-propagating code with tie-ins to spammers, networks of bots created by organised crime for use in extortion, and code shared with other writers.
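The arms race described above, where archives are password-protected so a scanner cannot open them and the password is hidden in the message body, can be turned into a simple gateway rule: an attachment the scanner cannot open is a reason to quarantine, not a reason to let it through. The following is an added example written for this page, not code from the original post or from any AV product; the sample message and archive are constructed inline, and since Python's zipfile module cannot write encrypted archives, the "encrypted" sample is produced by setting the encryption flag bit in an ordinary archive's headers.

```python
"""Flag e-mail attachments that are zip archives with encrypted entries,
executable-looking entry names, or a password hint in the message body.

Added example, not code from the original post.  The message and the archive
are constructed here so the script runs offline.
"""
import io
import re
import struct
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions a mail gateway would normally treat as executable content.
SUSPICIOUS_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".vbs", ".js")
ZIP_ENCRYPTED_FLAG = 0x0001  # general-purpose bit 0 of a zip entry header
PASSWORD_HINT = re.compile(r"password\s*(?:is|:)\s*(\S+)", re.IGNORECASE)


def build_sample_zip(encrypted: bool) -> bytes:
    """Constructed one-entry archive.  For the encrypted case, bit 0 of the
    general-purpose flag is set by hand in the local header (offset 6) and in
    the central-directory header (offset 8); the content is placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("photo.jpg.scr", b"placeholder bytes, not a real program")
    data = bytearray(buf.getvalue())
    if encrypted:
        for signature, flag_offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = data.find(signature)
            while pos != -1:
                (flags,) = struct.unpack_from("<H", data, pos + flag_offset)
                struct.pack_into("<H", data, pos + flag_offset, flags | ZIP_ENCRYPTED_FLAG)
                pos = data.find(signature, pos + 4)
    return bytes(data)


def inspect_zip(blob: bytes) -> dict:
    """What a scanner can learn from the central directory without a password:
    entry names, which entries are encrypted, and executable-looking names."""
    if not zipfile.is_zipfile(io.BytesIO(blob)):
        return {"is_zip": False}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        infos = zf.infolist()
    return {
        "is_zip": True,
        "entries": [i.filename for i in infos],
        "encrypted_entries": [i.filename for i in infos if i.flag_bits & ZIP_ENCRYPTED_FLAG],
        "executable_entries": [i.filename for i in infos
                               if i.filename.lower().endswith(SUSPICIOUS_EXTS)],
    }


def scan_message(raw: bytes) -> list:
    """Walk a raw RFC 5322 message and return one finding per attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    body_text = body.get_content() if body is not None else ""
    hints = PASSWORD_HINT.findall(body_text)
    findings = []
    for part in msg.iter_attachments():
        report = inspect_zip(part.get_payload(decode=True) or b"")
        report["filename"] = part.get_filename()
        report["password_hints"] = hints
        # Cannot be scanned, or carries an executable: quarantine rather than pass.
        report["quarantine"] = bool(report.get("encrypted_entries")
                                    or report.get("executable_entries"))
        findings.append(report)
    return findings


def build_sample_message(zip_bytes: bytes) -> bytes:
    """Constructed e-mail carrying the archive, with the password in the body."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Here are the photos"
    msg.set_content("Hi, the archive password is 12345")
    msg.add_attachment(zip_bytes, maintype="application", subtype="zip",
                       filename="photos.zip")
    return bytes(msg)


if __name__ == "__main__":
    for flag in (True, False):
        print(scan_message(build_sample_message(build_sample_zip(encrypted=flag))))
```

The check deliberately reads only the archive's central directory: entry names and the encryption flag are stored in the clear even when the data is password-protected, which is what lets a gateway reject the archive before any password handling is attempted.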

Virus writers will invent more tricks in the future. The virus MyDoom spread through attachments; the user had only to click on the e-mail in order to spread it. As I type this story, there is talk of creating multiplatform viruses that would infect icons, cursors or media files, or damage CD-ROM and DVD-ROM drives. As of now, viruses attack software but not hardware, so don’t worry too much. As for whether they will attack hardware in the future, only time will tell. Due to the advancement of technology, the terrain for viruses to exploit has widened. Viruses now target instant messaging, peer-to-peer networks, voice mail systems, handheld devices, Microsoft Xboxes and other consoles, and mobile phones.

With all these viruses running around, have you asked yourself why there has not been a Big One (a rapidly spreading virus that would destroy a lot of data) yet? The answer is that a virus has to find an exploit first, and that is not very easy to find. If it runs too soon, it will destroy itself. If it runs too late, the AV companies will stop it.

There is an increasing need for viruses to elude AV software. One such kind of virus is the metamorphic virus: it rewrites itself each time it mutates. AV scanners have to decrypt it and then scan it to find the underlying code.

Unfortunately there are now many viruses of this kind, because most viruses are written in Visual Basic, which is easy to use. The writers are, of course, our friends the script kiddies. That’s why I shall reinforce my statement that they think they are intelligent and cool but they are not. You need a more complicated program to write a metamorphic virus. Those who have succeeded are the intelligent ones.

Some writers are even annoyed with script kiddies because they create viruses that trick people into opening attachments in order for the viruses to activate. They don’t write viruses to exploit various OS weaknesses. For example, Netsky let users believe that the mail they received came from someone they knew by extracting e-mail addresses from files in a certain way; this is possible because an e-mail sent using SMTP can go to anyone from any address. I could send a mail under your address to your girlfriend saying something horrible and she’d think you wrote it to her. Alright, I won’t do that. Don’t worry!
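Because SMTP accepts any From: address, the visible sender proves nothing on its own; what the receiving server can record is the envelope sender it was actually given during the SMTP session. The following is an added example, not code from the original post: it assumes (as is standard practice) that the receiving server stores the envelope sender in a Return-Path: header, and compares its domain with the From: domain. The two sample messages are constructed.

```python
"""Flag messages whose visible From: domain differs from the envelope
sender's domain recorded in Return-Path:.

Added example, not code from the original post.  Assumes the receiving mail
server writes the SMTP envelope sender into Return-Path:; both samples are
constructed.
"""
from email import message_from_bytes, policy
from email.utils import parseaddr


def sender_domain(value: str) -> str:
    """Lower-cased domain part of an address header value, or '' if absent."""
    _, addr = parseaddr(value or "")
    return addr.rpartition("@")[2].lower()


def check_sender_consistency(raw: bytes) -> dict:
    """Compare the From: domain with the Return-Path: domain.  A mismatch is a
    signal worth flagging, not proof of forgery: mailing lists and forwarders
    also rewrite the envelope sender, so the caller decides what to do."""
    msg = message_from_bytes(raw, policy=policy.default)
    from_domain = sender_domain(msg.get("From"))
    envelope_domain = sender_domain(msg.get("Return-Path"))
    return {
        "from_domain": from_domain,
        "envelope_domain": envelope_domain,
        "mismatch": bool(from_domain and envelope_domain
                         and from_domain != envelope_domain),
    }


# Constructed sample: the visible sender claims to be a friend, but the
# envelope sender the server recorded belongs to an unrelated host.
SPOOFED_SAMPLE = b"""Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net by mx.example.com; Mon, 5 Jul 2010 10:00:00 +0000
From: "A Friend" <friend@example.com>
To: you@example.com
Subject: Read this

Hello
"""

# Constructed sample where envelope and visible sender agree.
CONSISTENT_SAMPLE = b"""Return-Path: <friend@example.com>
From: "A Friend" <friend@example.com>
To: you@example.com
Subject: Hi

Hello
"""

if __name__ == "__main__":
    print(check_sender_consistency(SPOOFED_SAMPLE))
    print(check_sender_consistency(CONSISTENT_SAMPLE))
```

The check stays deliberately narrow: it reports the two domains and a boolean, leaving the decision (warn the user, hold the message, add a header) to whatever filter calls it, since a mismatch alone is common in legitimate mail.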

There has been an increasing trend in the use of viruses by specific groups, such as political ones, to spread their messages. Viruses also have a great effect on businesses. If viruses keep increasing (which they will), consumers’ confidence in trading on the net will drop, and businesses could lose a lot of money. Isn’t it better to combat viruses than to take for granted that you are safe just because you have installed an out-of-date AV program?

Yes, the signature engines of AV programs go out of date as soon as they are shipped. It is our responsibility to update our virus engines once they are installed. We must not wait to update the engines until we suffer a virus attack.

ISPs can help us by protecting our incoming and outgoing e-mail, but that does not mean we must rely on our ISP alone. We must develop a multi-tier protection concept. Some of the tiers are protection from our ISP, protection from our updated AV program and, last but not least, encrypting all data in case a hacker gains access to your data and files.

There are many encryption programs on the market, like PGP. To describe their functions would be out of scope for this story. The good news is that Pacific Net and Singtel offer services to protect your e-mail, but you have to pay for it. I think they should change this concept and provide it for free. After all, protecting computer systems is everyone’s effort.

AV companies now have more effective suites. The best suites are the ones that combine anti-spam monitoring with AV and anti-spyware capabilities. They are aware that the technical challenges of neutralising viruses are shifting. They have to analyse the entry points a virus could exploit and the speed at which viruses are spreading.

They have to change their mindset as well, by creating proactive defenses in addition to reactive ones. Fortunately some companies have done that. For example, Cisco, Fortinet, Panda and others all have products that will detect threats and shut them down without interfering with the primary AV engine.

One strategy that has not been implemented yet is sandboxing. It creates a virtual OS so sophisticated that when a piece of code comes in, it is fooled into operating on the virtual OS instead of on the actual one. The engine can then analyse what the code is trying to do and handle it without ever letting it reach the real OS. Other strategies could be all-in-one programs that address viruses, self-propagating e-mail worms, spyware and adware; the use of AV technology to track down virus writers or quarantine poorly managed networks; intrusion prevention integrated into firewalls to block malware at the border; and systems that have security built in rather than added on.

AV programs should be developed in such a way that they are user-friendly. More and more less computer-savvy people are using computers, and they need to be able to use AV programs. If they find the AV program too troublesome to use, they will dread using its functions.

We should not be too dependent on the Microsoft OS and its applications. It is not easy to do away with Microsoft, and that dependence is also one of the reasons why we are so easily attacked by viruses. We have become too predictable.

We must not assume only certain groups are targets. As with AIDS, we think only certain classes of people are prone to be infected by the deadly viruses. In reality, any one of us is vulnerable to the disease if we are not careful, so do not forget to wear a condom. AV programs must be created to protect all kinds of targets.

We must not be selective and only scan certain files for viruses. For example, we scan files that we are downloading from peer-to-peer networks for viruses and not other files. Well, maybe there are some who scan every file they have for viruses, but there are others who do not. I am the biggest culprit.

Finally, we must question our moral judgement on creating viruses and using them for destruction, unauthorized entry into computer systems, and stealing and tracking information. For example, the RIAA wants permission to hack into machines and send viruses to file shares. If we allow them to do that, we will open Pandora’s box. We will create a culture whereby anyone could write a virus program in order to hack somebody’s computer system. The best thing is that they would think it is a moral thing to do.

Therefore, let the wars continue, because there is nothing much we can do except limit the damage. So look forward to more viruses and new developments in the AV industry. It will be interesting to see how they combat the new viruses. The most important thing is to stay alert and vigilant at all times. Let’s not let our guard down, as the virus will appear at an hour we would not expect.
