Antivirus vendors face new threats

Two of the most used operating systems in North America are being ravaged by new viruses, illustrating that both the open-source and Wintel worlds are vulnerable to such threats.

The Slapper worm, which is currently affecting Linux systems, attacks via the secure socket layer (SSL), which is actually intended to help transmit information securely. But vulnerabilities in SSL are not uncommon, according to one expert.

“(Slapper is) using a trick to cause the program code to be run, called a buffer overflow. It’s a very potent kind of attack,” explained David Gamey, senior security consultant at IBM Canada Co.’s security and privacy services in Toronto. “That program brings its own source code in behind it and compiles itself.”

The Slapper worm has four or five variants, and is spreading more rapidly than initially expected. Some reports had indicated that the worm had already travelled to 12 different countries.

There is already a fix available for the Slapper worm, but it’s now up to systems administrators “to be on the ball enough to realize they’re running open SSL and pull down the fix before they’re hit with an attack,” said Larry Karnis, senior consultant at Application Enhancements in Brampton, Ont.

Meanwhile, the Bugbear virus is making its way into Windows-based systems. The mass e-mail-type virus is taking advantage of a flaw that has existed within the Microsoft Outlook browser since March 2001. Once the user opens the infected e-mail, the virus runs itself and copies all of the user’s contacts, and mails itself to them. It also uses “social engineering,” whereby it gets the user to open the e-mail by using a common subject line to open it, such as “hello,” Gamey said.

Once opened, the virus inserts a key logging program and searches for sensitive information and passwords. What’s worse, Gamey said, is that the worm will periodically awaken and look for antivirus software or a firewall and destroy it.

At one point Symantec Corp. had upgraded Bugbear to a level-four virus on a scale of one to five, with five being the most serious. The antivirus company pointed to a rapid increase in reports of the virus from customers in early October.

In a statement, Finnish antivirus vendor F-Secure Corp. indicated that incidents of the Bugbear infection had surpassed incidents of infection by the Klez virus, the most widely circulated virus of 2002.

But reports of new infections were higher in Europe and Asia than in North America, according to Chris Wraight, technology consultant at antivirus software maker Sophos PLC. Bugbear is a far less formidable threat than predecessors like Klez, Wraight said.

“We’re still looking at infections in the thousands. At this point with (the Klez virus) we were talking about millions of infections,” he added.

Leading antivirus software vendors have posted updated virus definitions covering the Bugbear worm. Antivirus software vendors are encouraging customers whose computers have not yet been infected to update their antivirus software.

A patch is available at .

Over the past year, other viruses such as Code Red, Nimda and I Love You have proved to be extremely harmful. Still, users looking for a sure-fire way to avoid the latest two from affecting them should consider that “the first line of defence is not mindlessly opening up unknown attachments,” Karnis said.

– With files from IDG News Service

Related Download
Talent acquisition of the 21st century Sponsor: IBM
Talent acquisition of the 21st century
Download this white paper to see how global recruitment technology helps organizations efficiently manage the complete hiring cycle.
Register Now