CIO Update: The Fourth Generation of Malware

The Fourth Generation of Malware

By Peter Tippett

April 12, 2006: What do you get with 20 years of development? More and more potent malware, writes CIO Update columnist Peter Tippett of Cybertrust.

Worms, Trojans, viruses, denial-of-service attacks: many of these seem to be recent threats to our network environments, arriving only over the last five years. However, this past January marked the 20th anniversary of the Pakistani Brain virus, the first PC virus ever to replicate itself and spread from one computer to another.

Certainly, the viruses and Trojans of today are much smarter and, in most cases, much more devious than those of 20 years ago. More importantly, today's worms and viruses are mostly focused on criminal pursuits and theft, so they threaten an organization's reputation, consumer trust and viability in the marketplace.

Still, looking back at the research, it is fascinating to see how these destructive pieces of code evolved into the threats we know, and fear, today.

The First Generation: DOS Viruses (1986 - 1995)

Beginning in 1986, the first generation of malicious code consisted of DOS viruses, which infected the operating system and program files of a PC.

You might remember Brain, Lehigh and Form, which infected floppy disks and hard drives, spreading by sneakernet, that is, by disks carried between non-networked computers. As the boot viruses matured, they were able to infect the boot sector of data disks, spreading slowly, with several years passing before their infection counts peaked. Boot viruses soon evolved to infect widely used program files, such as WordPerfect.

Between 1986 and 1995, virus writers focused mainly on obfuscation: viruses became polymorphic (self-encrypting, so that scanners needed new detection strings or better algorithms); hardened to avoid being removed by anti-virus solutions; stealthy in their movement; and bipartite, spreading by both boot-sector and file infection.

By the end of this first generation, more than 12,000 unique DOS viruses had been written, with about 150 of them accounting for 95% of infections among PCs all over the world.

The Second Generation: Macro Viruses (1995 - 2000)

The first, DOS virus generation ended with the advent of Windows 95 in 1995, with its stricter requirements for application code and its segregation of the code that ran at boot time.

Virus writers were not able to write Win32 assembler code, so they turned their attention to the macro language in the widely used Microsoft Office applications, and Word documents themselves began spreading the viruses. This evolution of code led to the second generation of malicious attacks via macro viruses.

Between 1995 and 2000, thousands upon thousands of macro viruses were written. However, fewer than 100 unique viruses actually infected PCs and systems.

The most notorious macro virus was Concept, which appeared in July 1995 and took nine months to reach peak infection, a growth rate three to four times faster than that of the most prolific DOS viruses of the time. But due to several layers of protection built into Microsoft Office applications and the presence of reliable heuristics in almost all anti-virus programs, the macro virus generation was cut relatively short.

The Third Generation: Big Impact Worms (1999 – 2005)

The introduction of high-impact, high-profile mass-mailer worms marked the beginning of the third generation of malicious code: Melissa (1999), “I Love You” (2000), Anna Kournikova (2001), SoBig (2003) and Mydoom (2004).

The highly prolific network worms, such as Code Red (2001), SQL Slammer (2003), Blaster (2003) and Sasser (2003) are also indicative of this generation.

This third generation of worms is responsible for much of the destruction that has paralyzed organizations recently. Each caused major or moderate impact to 20-to-60 percent of corporations. The average third-generation worm doubled its number of victims every one-to-two hours, rapidly reaching peak activity within 12-to-18 hours of being born. SQL Slammer, by far the fastest-spreading worm to date, infected a full 90% of everything it was ever going to infect in just ten minutes.

Mass-mailer worms work almost exclusively through social engineering, that is, by tricking the user into double-clicking an attachment. Thankfully, many organizations now block the three primary attachment types (EXE, PIF and SCR), which has proven successful at blocking repeat occurrences of these third-generation attacks.

Many companies have also implemented standard configurations, mini-hardening, router ingress and egress “default deny” access, network segmentation, and policies and education programs. With such broad, holistic education, standards, and other protections in place, many of the big impact worms’ attempts to destroy a PC or network have been thwarted.

The Fourth Generation: Malcode for Profit (2004 – present)

Authors in the first three generations wrote and distributed malicious code primarily to receive praise from peers and to gain notoriety. As we have entered the fourth generation, however, it has become clear that code authors are no longer after bragging rights but cash, and lots of it.

Malicious code authors have found a variety of ways to make a profit, ranging from click-ad revenue, to the direct theft of monetary instruments such as credit card numbers, to blackmail, to the resale of malicious code and infrastructure by its technical authors to criminals.

The threat of identity fraud and information theft has become increasingly real over the last two years, with major security breaches at CardSystems, DSW and ChoicePoint, among more than 100 others.

This generation is in many ways more insidious, with its criminal code authors working to stay under the radar. Bot-herders driving millions of zombie (infected) computers to perform numerous different malicious tasks have become the norm. For example, more than 300 different variants of the Mytob virus alone were released during 2005, each aiming not for massive infection but for an incremental one or two percent of victims.

More than half of file attachments now arrive in .ZIP files, including encrypted .ZIP files, which are much harder to inspect at our borders. Once infected, these machines are used for almost every type of secondary attack: phishing, pharming, further distribution of malcode, launching exploits, scanning for vulnerable computers, sending spam, proxying other attacks, sales of technology and services to organized crime, and more.

Over the last year, phishing has harmed many consumers: constantly evolving messages, typically delivered through a fraudulent website or email, trick consumers into giving up login credentials. While recent efforts to warn companies and consumers about the threat of information theft are commendable, hackers and authors grow smarter and more sophisticated with each attack.

Over the last twenty years, worms have used every type of replication vector, and the options of course multiply with each advance in technology. Authors have worked diligently to have their worms and Trojans avoid detection and reach more victims with every iteration. During this fourth generation, for instance, we have witnessed backdoors, Trojans and rootkits that enable the free reuse of the infected computer, and bots that turn networks of computers into 'zombies', allowing the malcode perpetrator to orchestrate responses among tens of thousands, or even millions, of victims at a time.
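The two defensive points above, blocking the EXE, PIF and SCR attachment types outright and treating encrypted .ZIP attachments as uninspectable, can be expressed as one gateway policy. The following is an added example written for this page; it is not code from the column, from Cybertrust or from any product. It assumes three verdict levels (allow, quarantine, block), a nesting cap and a size cap for nested archives, all chosen here rather than taken from the article, and it uses constructed byte strings as fixtures; since the standard library cannot write password-protected archives, the `_mark_entries_encrypted` helper flips the ZIP "encrypted" header flag on a plain archive so the scanner sees what a locked ZIP looks like.

```python
import io
import zipfile
from dataclasses import dataclass, field

# The three extensions are the ones the column names as the primary blocked
# attachment types; the nesting and size caps are assumed values for this example.
BLOCKED_EXTENSIONS = {".exe", ".pif", ".scr"}
ARCHIVE_EXTENSIONS = {".zip"}
MAX_NESTING = 3                 # archives nested deeper than this are quarantined
MAX_MEMBER_BYTES = 50_000_000   # refuse to expand nested archives larger than this
_SEVERITY = {"allow": 0, "quarantine": 1, "block": 2}   # worst verdict wins

@dataclass
class Verdict:
    action: str                      # "allow", "quarantine" or "block"
    reasons: list = field(default_factory=list)

def _ext(name: str) -> str:
    """Last extension, lower-cased, so 'invoice.pdf.exe' -> '.exe'."""
    base = name.rsplit("/", 1)[-1].lower()
    return base[base.rfind("."):] if "." in base else ""

def _inspect_zip(data: bytes, depth: int, reasons: list) -> str:
    """Walk one archive level; recurse into nested ZIPs up to MAX_NESTING."""
    if depth >= MAX_NESTING:
        reasons.append(f"archive nested {depth} levels deep was not inspected")
        return "quarantine"
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        reasons.append("attachment is named .zip but does not parse as one")
        return "quarantine"
    action = "allow"
    with zf:
        for info in zf.infolist():
            ext = _ext(info.filename)
            if ext in BLOCKED_EXTENSIONS:
                reasons.append(f"executable {info.filename!r} inside archive")
                action = max(action, "block", key=_SEVERITY.get)
            elif info.flag_bits & 0x01:          # general-purpose flag bit 0: encrypted
                reasons.append(f"encrypted entry {info.filename!r}: content cannot be inspected")
                action = max(action, "quarantine", key=_SEVERITY.get)
            elif ext in ARCHIVE_EXTENSIONS:
                if info.file_size > MAX_MEMBER_BYTES:
                    reasons.append(f"nested archive {info.filename!r} exceeds size cap")
                    action = max(action, "quarantine", key=_SEVERITY.get)
                else:
                    inner = _inspect_zip(zf.read(info), depth + 1, reasons)
                    action = max(action, inner, key=_SEVERITY.get)
    return action

def scan_attachment(filename: str, data: bytes) -> Verdict:
    """Apply the policy to one attachment and record why it was decided."""
    reasons: list = []
    ext = _ext(filename)
    if ext in BLOCKED_EXTENSIONS:
        reasons.append(f"attachment {filename!r} has a blocked extension")
        return Verdict("block", reasons)
    if ext in ARCHIVE_EXTENSIONS:
        return Verdict(_inspect_zip(data, 0, reasons), reasons)
    return Verdict("allow", reasons)

# ---- constructed fixtures (harmless byte strings, not real malware) ----------
def _zip_bytes(entries: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return buf.getvalue()

def _mark_entries_encrypted(zip_bytes: bytes) -> bytes:
    """Fixture only: set flag bit 0 (encrypted) in every local and central-directory
    header so the archive presents like a password-protected one. The payload stays plain."""
    buf = bytearray(zip_bytes)
    for sig, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = buf.find(sig)
        while pos != -1:
            buf[pos + offset] |= 0x01
            pos = buf.find(sig, pos + 4)
    return bytes(buf)

SAMPLES = {
    "report.pdf": b"%PDF-1.4 constructed sample",
    "invoice.pdf.exe": b"MZ constructed sample, not a real binary",
    "photos.zip": _zip_bytes({"holiday.jpg": b"\xff\xd8 constructed jpeg"}),
    "payload.zip": _zip_bytes({"setup.scr": b"MZ constructed sample"}),
    "nested.zip": _zip_bytes({"inner.zip": _zip_bytes({"x.pif": b"MZ constructed"})}),
    "locked.zip": _mark_entries_encrypted(_zip_bytes({"secret.doc": b"constructed"})),
}

def scan_samples() -> dict:
    """Verdict per constructed sample, e.g. {'report.pdf': 'allow', ...}."""
    return {name: scan_attachment(name, data).action for name, data in SAMPLES.items()}
```

Two design choices matter for the border inspection the column describes. The extension check looks at the last extension only, so a double-extension name such as `invoice.pdf.exe` is still caught, and it is applied both to the attachment and to every member of an archive, so wrapping an executable in a ZIP does not bypass it. An entry whose encrypted flag is set is never opened; it is quarantined on the grounds that an uninspectable payload cannot be cleared, which is the policy consequence of the article's point that encrypted ZIPs are much harder to inspect.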

With each generation of malware growing more complex and devastating, it’s become increasingly important for CIOs to know not only who is on their network, but who is accessing their network.

While there isn’t an end-all-be-all solution to wiping malicious code authors off the face of the Earth, having the best security policies and procedures in place will help enterprises avoid a crippling network attack that not only puts information at risk, but impedes productivity and ultimately damages the bottom line.

To do this, CIOs and CSOs must work together to achieve a security strategy that aligns with the organization’s business goals to best protect the network from today’s threats, and proactively tackle the threats of tomorrow.

Peter Tippett is CTO of security vendor Cybertrust and chief scientist for ICSA Labs, a division of Cybertrust. He specializes in the utilization of large-scale risk models and research to create pragmatic, corporate-wide security programs.
