Steel Yourself For New Threats

By Heather Clancy, CRN

New York (May 9, 2005) – CRN – Relatively speaking, it was a quiet first quarter for worms and trojans delivered via e-mail, but security threats are becoming more ominous when it comes to instant messaging applications and adware/spyware.

That’s the conclusion reached by Kaspersky Lab, the Moscow-based security content software developer, in its quarterly report on malware trends. And it’s a finding echoed by security solution providers, which are steeling themselves for this new breed of challenges.

“Attacking computers has become a pay-for business,” said Robert Cohen, president and CEO of CG Atlantic, Roslyn, N.Y. More and more, security threats are being devised and launched by professionals, he said.

Security solution providers say the trouble is that many businesses are still hiring them to catch up on deploying more basic information-security measures, such as firewalls, VPNs and e-mail antivirus protection. Still, they are dispensing advice about these newer threats when possible.

“We have been telling our customers not to use IM as a piece of corporate technology forever,” said Michelle Drolet, CEO of Conqwest, a security VAR in Holliston, Mass.

According to a spokesman for Kaspersky Lab, most new worms attacking instant messaging applications are written in Visual Basic, suggesting the virus writers are relatively inexperienced programmers.

Still, these worms can cause damage: As an example, Backdoor.Win32.SdBot or Backdoor.Win32.Rbot can create “zombie” computer networks, gaining control of unsuspecting users’ systems and harnessing them for nefarious means such as sending spam or launching a denial-of-service attack, Kaspersky reported.

Most IM worms are delivered by convincing the recipient to visit a Web site, where the body of the worm is hidden. “Oftentimes an IM message appearing to come from a friend will tell you to click on a link. But, it’s really malware that then gets downloaded,” Cohen said.

The most effective way of dealing with this today, solution providers said, is to strictly monitor IM usage and even block traffic at the gateway if it’s not necessary for doing business. If the customer refuses to take such drastic measures, URL filtering tools such as WebSense can prevent an IM user from actually connecting to a problematic site, Drolet said. This helps protect against worms delivered via instant messages and spyware that is attempting to communicate with a specific site, she said.

Kaspersky’s report also points to an increase in spam related to social engineering or phishing, the practice of convincing people to give up personal or financial information. The twist is that this spam, again, is being sent more often via IM applications and peer-to-peer online gaming networks, according to the vendor’s research lab.

Adam Hirsch, director of information security for Net at Work, a solution provider in New York, said these threats, along with rampant spyware infections of business PCs, can make it difficult for a company to get on top of its broader compliance policies, such as those relating to the Sarbanes-Oxley Act.

Moreover, spyware has become a profound administrative issue. At some companies, Hirsch said, more than 70 percent of IT administration time is being spent cleaning it off systems. To combat this, Net at Work is combining SurfControl’s new Enterprise Threat Shield with the Cisco Security Agent technology to create a layered approach to protection.

“We’re pushing this hard with all of our clients,” he said. Indeed, security solution providers increasingly advocate a multipronged defense system coupled with ongoing vulnerability assessments and analysis of incoming attacks in order to stay one step ahead of the bad guys.

“Knowing your weak spots is paramount to being safe these days,” Cohen said.