[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Friday, 8 October, 2004, 16:36 GMT 17:36 UK
'Proof of concept' viruses pose new threat
By Chris Long
BBC Click Online reporter

These days, even opening a lowly Jpeg file could run a virus on your computer. Chris Long looks at the disturbing new threats on the computing horizon.

Stuart Okin
It is only a matter of time before someone picks up the proof of concept and develops a virus of some description
Stuart Okin, Microsoft
A file that is not only part of the Windows Operating System, but also sits within Microsoft Office and many other applications, is now at the heart of the latest "proof of concept" virus.

A "proof of concept" virus is not the same thing as a virus.

It is where, usually, a security researcher has identified a way of attacking a system and published a blueprint on how to do this, rather than actually launching an attack, explains Stuart Okin, chief security officer of Microsoft.

"But it is only a matter of time before someone picks up the proof of concept and develops a virus of some description.

"It's not inevitable, it's not 100% certain it will occur, but there is a likelihood."

The file in question where a vulnerability has been identified is GDIplus.dll.

"This file is, in essence, the component part of the software that processes images and Jpeg files", says Stuart Okin.

"But these are all proof of concepts and if you're running Windows with Service Pack 2, or you've downloaded the patch, then you're protected."

New targets

But hitting Windows is almost passť these days. Now, virus writers are looking for newer, smaller devices to pick on.

Wireless security specialist Sal Viveros says: "One of the next big growth areas we expect to see is the mobile area.

"We believe that virus writers and hackers will choose that as their next target, especially as we're seeing more and more functionality going into these smart phones.

"Historically, what we've seen is that the more functionality you have, the more the virus writers can use that to create threats and vulnerabilities."

Sal Viveros
For the most part, hackers will just go and find another system that has no protection
Wireless security specialist Sal Viveros
But it is not all bad news. Those of you who have anti-virus products and firewalls on your PC will be able to buy the same for phones and PDAs.

(However, those of you who do not have any protection may as well give up now.)

Sal Viveros adds: "In the future we expect to see security, anti-virus and firewalls built into many phones that are going to be available.

"It's very, very difficult for hackers to beat an up-to-date anti-virus with a properly implemented personal firewall.

"And, for the most part, there are so many systems out there that aren't protected that hackers won't take the time.

"They'll just go and find another system that has no protection, and it's very easy for hackers to identify these systems, especially as we see the growth in broadband, because broadband is always on.

"All they do is send out "pings", which are notes that go out trying to find open systems. If something responds, it says: 'hey I can now go attack that system'.

"So it's not difficult for hackers to find vulnerable systems."

As night follows day, so do viruses follow proof of concept.

But one thing is for sure: the whole IT industry, not only the anti-virus software manufacturers, is now focused on solving this problem.

Our part of the bargain is to keep our protections up to date and to stop downloading sleazy software.


Click Online is broadcast on BBC News 24: Saturday at 0745, 2030, Sunday at 0430, 0645 and 1630, and on Monday at 0030. It is also shown on BBC Two: Saturday at 0745 and BBC One: Sunday at 0645. Also BBC World.


Other items in this programme:



SEE ALSO:
Virus writers focus on image bug
24 Sep 04  |  Technology
'Game virus' bites mobile phones
11 Aug 04  |  Technology
First Pocket PC virus discovered
19 Jul 04  |  Technology
First mobile phone virus created
16 Jun 04  |  Technology


PRODUCTS AND SERVICES

News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific