
Risk

1/2/2010
01:19 PM
George V. Hulme
Commentary

Significant Worm and Virus Attacks of The Decade

We certainly thought viruses and digital exploits were a nuisance throughout the 1990s. But there was nothing like the Morris worm, which wreaked havoc on Internet users on November 2, 1988. That all changed in the spring of 2000, and what a can of worms the oughts turned out to be. How quaint the malware of the 1990s looks in comparison.

It was May 2000 when one of the most costly worms of all time struck, and it struck hard: the ILOVEYOU worm. I remember booting my PC that morning to find dozens of notes from associates, sources, PR professionals, and co-workers all professing their love for me in the e-mail's subject line. By at least one estimate, this bug cost billions to clean up. Computer users hadn't seen anything like it in roughly 12 years. It wasn't until the summer of the following year, on July 13, 2001, that the Internet went red with another worm, Code Red. The following month, Code Red II struck. And then on September 18, 2001, as if the country didn't have enough to deal with that week, the Nimda worm struck and infected systems through various vulnerabilities in Windows and through the backdoors left behind by Code Red II.

These worms, with their associated hits to productivity and costs to clean up, caused Microsoft an extraordinary amount of embarrassment. That embarrassment led, in large part, to the beginning of the company's Trustworthy Computing Initiative. We covered the beginnings of that movement in this lead news story, Software's Challenge. In those days, malware was highly visible and often deliberately destructive, and Microsoft's reputation took a hard hit. Today, thanks to its secure coding efforts, Microsoft arguably has the most advanced secure software development practices in place. While flaws are still many, Microsoft has development processes that most any ISV could learn from, although there's plenty of work left undone, to say the least.

Those infamous worms of 2000 and 2001 were quickly followed by a pair of equally infamous worms in 2003. First up, in January of that year, was the SQL Slammer worm, which exploited vulnerabilities in Microsoft SQL Server and MSDE and caused significant disruption across the Internet. Then in August came Blaster, which struck the same week as the serious NYC blackout.

The next year, the face of worms changed dramatically with the release of Santy. Santy was one of the first, if not the first, Web worms: it propagated through a phpBB vulnerability and found potential victims through Google. It's estimated that more than 40,000 sites were infected by Santy.

While botnets had been a problem since the infamous distributed denial-of-service attacks that temporarily shut down major online properties such as CNN and Yahoo in 2000, they reached a new scale only when the Storm Worm began propagating in January 2007, social engineering its targets into opening an e-mail that promised information about a significant storm that had swept through Europe. Users who opened the e-mail and were infected by the payload became part of a huge botnet, up to 10 million systems by the fall of 2007.

The Storm Worm was followed that same year by Conficker (or Downadup), which became the most significant computer worm since 2003's SQL Slammer, with millions of infected systems around the world and major updates to the worm occurring through April of this year. The most recent version, known as Conficker E, installs a spambot and a copy of a scareware package. In fact, throughout 2009, rogueware and infected Web sites went off the charts.

The biggest change in malware over the past decade has been its evolution from viruses and worms that propagated for the sake of propagation or for the destruction of data, as they did for about 15 years, to vast silent infections, spyware, and botnets developed for profit and built to become lasting Internet fixtures.

What will the next decade in malware bring? More of the same, only slightly different. Here are a few predictions:

Malware will grow even more stealthy, as authors focus on infecting as many systems as possible, for as long as possible, without detection. That means more botnets, rootkits, and Trojans. We won't see many more Code Red or SQL Slammer type outbreaks.

Professional attackers will increasingly turn to specialized, highly targeted attacks designed to compromise an individual or a specific organization.

Malware will have greater impact on physical devices. Think hacking the smart grid and medical devices.

Counterfeit software and hardware will become significant security issues.

At the 2020 RSA Security Conference, Art Coviello will once again give a keynote suggesting that information security needs to be woven into the fabric of the IT infrastructure. It won't happen. IT security efforts will continue to play perpetual catch-up with both new technologies and attack techniques.

For security and business-technology observations throughout the day, follow me on Twitter.
