Malware’s destructive appetite grows

An evil array of computer viruses, worms and Trojan horses will in coming years propagate to your cell phone, invade your personal digital assistant (PDA), open back doors into your PC and more, experts are forecasting.

Predicting what form rogue software will take is difficult, they say, but current trends offer clues. “They are coming faster,” says Peter Tippett, chief technology officer at TruSecure Corp. in Herndon, Va. “When we had Friday the 13th and Form, it took a virus two to three years to go from birth to being No. 1 [in reported attacks]. Then, when the macro virus Concept came along, it took two to three months. Last year, Nimda took 22 minutes to go to No. 1.”

Although the number of new viruses introduced each year is declining, “malware” is getting far more destructive. It increasingly spreads by multiple vectors, Tippett says, as did the Nimda worm, which propagated in five ways. And more viruses are being aimed at Internet servers, with desktop invasion a secondary effect.

“When you have 400,000 servers on the Internet all contributing to the spreading of an infection, you get an incredibly rapid growth,” he says.

And the rogue software not only can spread in multiple ways, but it also can launch multiple attacks. “With the worm Nimda, there were multiple payloads: not just data destruction but also creating vulnerabilities and exploiting them,” says Vincent Weafer, senior director of security response at Symantec Corp. in Cupertino, Calif.

Indeed, two previously distinct groups, virus writers and hackers, are joining forces to cause double trouble. “Now we are seeing attack tools used by both sides,” Weafer says. “What if I take a buffer overflow exploit and put that on the back of a worm that goes looking for vulnerable systems?”

Perhaps the biggest boost to malware distribution will come as devices become more programmable and connected. “I am particularly worried about the merging of mobile phones and PDAs,” says Fridrik Skulason, a virus researcher at Frisk Software International in Reykjavik, Iceland. “Sooner or later, someone will release something with the intent of screwing up mobile phone communication worldwide.”

Adds Skulason, “I am also concerned about ‘slow’ damage viruses that fiddle with data, changing a single number in a spreadsheet or changing a word or two, like changing ‘probably’ to ‘probably not’ in a document. In those cases, even a good set of backups may not help, because the data corruption might have gone on for a long time.”

Graham Cluley, a senior technical consultant at Sophos Anti-Virus PLC in Oxford, England, predicts a rise in the use of “backdoor Trojan horses” sent surreptitiously by e-mail. “You run the program and that opens a door, which people on the outside can use to steal your passwords, destroy files and so on,” he says. “With the increased adoption of always-on connections, more and more home and office users will get hit by them.”

How bad could it get? “Sometime in the next five years, we will see a major outage of at least one service (for example, e-mail or the Web) or one part of the Internet due to malware,” predicts Richard Ford, chief technology officer at Cenetec LLC in Boca Raton, Fla. He declines to give details but says, “The Internet is a lot more fragile than we sometimes think it is. We should think carefully about the different ways the Internet in general could be attacked and design around them.”

Indeed, new technologies such as the Simple Object Access Protocol and the Universal Discovery, Description and Integration standard will provide entirely new ways for computers to interact, says Sarah Gordon, a senior research fellow for security response at Symantec. “With that new interaction comes an entirely new universe for the malware author to explore,” she says. “We need to consider this as we create standards and deploy systems which rely heavily on these technologies.”

Despite the gloom and doom, protective measures will improve, some experts say. For example, Ford says, “companies like Symantec are beginning to ship parts of a ‘Digital Immune System,’ which allows computers to grant ‘herd immunity’ to computers whenever a new virus is discovered, all with no human intervention. While the technology is still in its early stages, it bears a great deal of promise.”