Putting up a fight
Companies and antivirus software makers are looking for answers to stave off future worm attacks.
Companies will typically filter email attachments at their gateways--the corporate connections to the Internet. A common part of this defense is to try to beat worms at their own game by distributing new virus detection faster than the viruses can spread. However, if a new virus does not match any of the types contained in the filtering software's definitions, the scanner will not flag the attachment as malicious code.
To address this problem, Symantec and IBM have teamed to create what they call a "Digital Immune System." By responding to the first new infection and pushing any new scanning definitions and software to all their customers, the companies hope to protect computers before a worm attack can peak.
Other efforts, which hope to catch worms at an even earlier stage, seek to block the malicious behavior of computer viruses. But these efforts have a long way to go.
The AnnaKournikova virus, a worm written in Visual Basic Script, spread worldwide despite being quite similar to LoveLetter and other recent, lesser-known worms. One independent antivirus researcher, who asked not to be named, said the worm was so effective because some antivirus manufacturers--most notably Symantec--failed to detect the creation of the VBS Worm Generator right away.
The fact that worms can spread so easily should have every person using the Internet just a little paranoid, said Whitehats' Max Vision.
"Although most worms are benign, they demonstrate serious vulnerabilities," he said. "There are many worms propagating through the networks constantly."
That's not the only worry, said Cary Nachenberg, chief researcher for Symantec. With so many worms on the Internet, the chance that they could start interacting with each other has grown.
"These sorts of complex systems can create their own emergent behaviour," he said. "Many have already caused effective denial-of-service attacks because of bandwidth consumption."
What's next? Nachenberg doesn't know, but he said it won't be good.
"It's the sort of thing that scares me," he said.
