Worm in the machine
On Monday morning, thousands of computer users woke up to the news that yet another worm was wreaking havoc on computer desktops and networks across South Africa and the world.
As IT specialists and companies scrambled to contain the threat of the Sasser worm, users could be forgiven for feeling that this was just more of the same, and that outbreaks of computer viruses are becoming as common, and annoying, as that other scourge of the information age, spam.
The fact is that these attacks are becoming more frequent, and in some cases more sophisticated, than ever before.
The whole thing is a race between virus writers on one side and software developers and security experts on the other, and it is getting faster.
It took only three weeks from the time Microsoft disclosed and patched the flaw in Windows that Sasser exploits to the release of the first version of the worm. Three days later there were four variants circulating.
This is because the people who write viruses are getting better at it, and better paid for it. Once the domain of geeky misfit kids trying to outdo each other, virus writing is increasingly being done with a purpose — one that is far more sinister than simple vandalism.
Many of the recent virus releases were designed to do specific things, such as bring down websites (MyDoom was created to launch an attack on the website of a company embroiled in a legal battle over Linux), send out spam (Sobig turned infected machines into spam relays) or steal sensitive information, such as credit card details.
The common goal behind the recent spate of virus attacks has been to create a network of computers that can then be used by the virus writers for their own, illicit purposes.
Dwaine van Vuuren of Dimension Data says that “hackers are now using ‘zombie’-affected PCs across the globe as personal ‘armies’ to extort ‘protection money’ from organisations and companies that rely exclusively on Internet presence for revenue” — in other words, not so much virtual vandalism, as virtual extortion.
Not, of course, that the gang warfare mentality of virus writing has been completely overtaken by these new mercenary goals.
According to Finnish security company F-Secure, on digging into the code of the latest versions of the Netsky, MyDoom and Bagle worms, one finds hidden messages to other virus writers such as: “Hey, NetSky, fuck off you bitch, don’t ruine our bussiness, wanna start a war?”; “Skynet AntiVirus —Bagle—you are a looser!!!”.
International anti-virus company Sophos says that a hidden message in the Sasser worm points to the writers of the NetSky virus claiming responsibility for it: “Hey av [anti-virus] firms, did you know we’ve programmed the Sasser Virus?!?”
Despite the adolescent posturing and bad spelling, these code-writers should be taken seriously. They have caused millions of rands' worth of damage and managed to bring networks to a standstill.
Although the final impact of the Sasser worm has yet to be assessed, Gary Middleton of Dimension Data says that the cost is already in the tens of millions of rands in South Africa alone. By the middle of this week, several major companies were still battling the outbreak.
He considers this attack to be as severe as the Blaster attack that crippled companies last year. Worldwide, companies affected by Sasser included banks, governments, post offices and airlines.
The truly scary thing, though, is that Van Vuuren predicts that this is just the first of the 10 to 16 major virus or worm attacks we can expect this year alone.
What it is, what it does and what to do about it:
According to Barry Irwin, a lecturer at Rhodes University, and certified Internet security professional, Sasser is a worm, which means it spreads by itself. You don’t need to open an infected e-mail, or run an application, to catch it. Any computer that is running Windows and is attached to a network or the Internet can catch it. Once you are infected, the worm will use your computer to try to spread to other machines. Because it is badly written, it may cause your computer to repeatedly crash and reboot, but this is not intentional.
To protect yourself from Sasser, and other attacks, you should