BBC News World Edition
Thursday, 8 August, 2002, 10:00 GMT 11:00 UK
Net security threats turn devious
BBC News Online's Mark Ward

There is a computer in the anti-virus research lab of McAfee that has suffered the attentions of more malicious programs than almost any other PC on Earth.

It, and a couple of others, get infected with any novel viruses that turn up at the anti-virus lab to help the researchers find out how the malicious programs work and how to combat them.

The machines are never-complaining prisoners, subjected to daily humiliations that, were the computers human, would have Amnesty International campaigning for their release.

As it is, they do a very necessary job of helping to limit the spread and damage of the growing number of viruses.

Arms race

There are a lot of viruses around. MessageLabs, which scans e-mail messages for viruses, now regularly catches more than 30,000 per day.

When it started its scanning service in 1999, it was catching one per hour. In 2001 it got up to one every 30 seconds. Ominously, it says the rate is still rising.

Neil Cowie, senior virus researcher at the McAfee lab, said it was now seeing between 150 and 200 new viruses per month. In total there are more than 30,000 documented viruses.

A tiny proportion of these win the grudging respect of the anti-virus researchers because they are so technically adept.

Mr Cowie said one virus that emerged in July tried four different tactics to fool anti-virus software.

This virus embedded a web link in a video clip. Playing the video would activate the link and download a file onto the computer. This file would then trigger another program that was the actual pernicious payload.

But, he said, few viruses try this hard to defeat anti-virus software. Typically the success of one virus produces a rash of similar malicious programs.

"We get an awful lot of copycat viruses," said Mr Cowie.

Virtual vandals

Virus writing kits can be downloaded from the web and anyone with a basic knowledge of programming can, by drawing on the work of others, swiftly produce a destructive program.

"Many enable a much less skilful person to use much more skilful methods," said Tony Dyhouse, a security director at Qinetiq, which keeps computer systems safe for many organisations.

And it is not just with viruses that this copycatting goes on.

Soon after vulnerabilities are discovered in popular web programs, tools appear that make it easy for people to find them. Many novice malicious hackers get the tools and use them to search for vulnerable systems online.

"The tools that are used for attack and defence, in most cases, are the same ones," said Mr Dyhouse.

A sting set up by Dan Clements from anti-net fraud site CardCops and Karsten Johansson of a company called Penetration Test shows how clueless novice malicious hackers can be without these tools.

The pair leaked information about a vulnerable web server to a chat group on the net where budding bad hackers are known to congregate.

Less than 24 hours after the news was leaked almost 200 people had tried to hack the vulnerable server. Few noticed that the vulnerable software was supposedly made by Microsoft but the server was running Apache - two utterly incompatible programs.

Few of the hackers-in-training hid their location or did much to conceal what they did to the fake site.

Bad packets

When the tools made by others do work, they can cause enormous disruption for businesses.

Many organisations are now regularly plagued by denial-of-service attacks which bombard their web server with huge amounts of bogus data packets.

Many people who mount such attacks recruit so-called zombie machines as proxies to spew out the data on their behalf.

Gary Milo, founder and managing director of Berkshire-based Webscreen Technology, said it was helping some companies stop these attacks by analysing the traffic that is arriving.

Mr Milo said some attacks co-ordinate up to a thousand computers to send out data.

Webscreen's scanners build up a pattern of typical traffic and block data packets that fall below a given trust threshold.

"We just throw away the packets we do not like," said Mr Milo.

As the number of threats grows and hybrid attacks become common, more companies are realising that the price of security is eternal vigilance and that the cost of failure can be catastrophic.
