During the last couple of weeks we’ve seen various incarnations of the Mydoom worm propagate themselves throughout the Internet.
At the time of this writing, a new variant is appearing that seems yet more ominous in its potential intent. It seeks out systems already infected by Mydoom and, apparently, prepares those machines for a future role as mail-guns aimed at targets of the controller’s choosing.
Mydoom has demonstrated how effective it can be through the successful denial-of-service attack on SCO.com. Now those drones – an estimated 300,000 to 700,000 machines – are prepped and ready to attack who knows what target.
There’s been a subtle change in the nature of the viruses seen in the last couple of years. The threats we see are more sophisticated, not just in technical terms, but also in their ability to exploit non-technical users.
E-mails carrying a sinister payload disguise themselves as official-looking technical messages coming from a ‘system administrator’ or ‘mail server’ in order to fool users into opening the attached malicious cargo. Subtler yet, infected machines rarely exhibit anything more than a slowing of their system’s Internet performance, which the user may not even notice. That’s a big change from the days when fear of wiped hard drives and other highly visible signs of infection may have motivated users to seek advice on safe computing practices, and convinced them of the value of antivirus software.
Most corporate environments already have filters and policies aimed at securing their own environments, but the reality is that we share this critical network infrastructure with a bunch of amateurs, whose computing practices are often dangerously irresponsible by corporate standards, placing us all at risk.
The solutions I’ve heard suggested around this aspect of the threat are interesting and varied:
– Seek out and destroy the infected machines; an extreme solution with fairly obvious practical and ethical implications.
– Force users to take a safe driving test before they’re allowed to operate a computer connected to the Internet. But consumers mostly don’t want to be computer experts, and why should they?
– Get Microsoft to bundle self-updating antivirus software with every operating system shipped. But is it reasonable to think that Microsoft, already in trouble over monopolistic practices, should wrest control of this business away from the established antivirus vendors?
While the latter solution may not be practical, it’s unrealistic to think that the answer lies with consumers. An industry-wide solution that takes responsibility out of the hands of end users is clearly required. Who pays and who drives are questions to be answered, but we would all benefit, so the cost could be thinly spread.
Your views and creative ideas on this tricky issue are welcome at: [email protected]