Security Briefs: Encrypted Attachments Carry Threats

Sneaking vulnerabilities into the enterprise through encrypted attachments poses new problems; ISPs will spend $245 million this year to combat problems, in large part because of home users.

March: Worm In, Worm Out

Forget the lions and lambs. March was worm month.

Netsky dominated, though 15 new variations of Bagle also showed up. “Throughout the month it wasn't really a question of ‘if’ we’ll see another release, it was more of a question of ‘when,’” says Steven Sundermeier, vice president of products and services at Central Command.

Netsky accounted for over 70 percent of virus occurrences, says Central Command, far outpacing Bagle. Six of the top 10 worms, it says, were Netsky variations, with Netsky.d the most prevalent.

Kaspersky Labs, however, has a different read on the month, saying Netsky.b appeared most in March—over 50 percent of all incidents—while MyDoom.A was a distant second with 12 percent.

“Five new versions of Bagle appeared,” notes Denis Zenkin of Kaspersky Labs, though Kaspersky includes the PSW Worm in that count, an “umbrella” that covers several versions of Bagle. “These differ from other worms in the Bagle family in that they spread in password-protected ZIP and RAR archives, and the password is either included in the message or contained in a graphics file. Such an approach is not new, but Bagle exploited it with great success. Incidentally, tricks like this have positively influenced the development of new antivirus technology,” he notes.

Antivirus vendors are still working to intercept encrypted and compressed worms.
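As an added example (not from the article or either vendor): a mail gateway can at least recognize the password-protected ZIP attachments Zenkin describes, because the ZIP format marks each encrypted entry with bit 0 of its general-purpose flag field. The function names and the sample message are constructed for illustration, and RAR archives are not covered.

```python
import io
import zipfile
from email.message import EmailMessage

ENCRYPTED = 0x1  # ZIP general-purpose flag bit 0: entry is encrypted

def encrypted_zip_members(data: bytes) -> list[str]:
    """Names of encrypted entries in a ZIP; [] if none or not a ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]
    except zipfile.BadZipFile:
        return []

def scan_message(msg: EmailMessage) -> list[tuple[str, list[str]]]:
    """Return (attachment name, encrypted member names) for each attachment
    whose contents a gateway scanner could not inspect."""
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        members = encrypted_zip_members(payload)
        if members:
            findings.append((part.get_filename() or "(unnamed)", members))
    return findings

def build_sample(encrypted: bool) -> EmailMessage:
    """Constructed test message with a harmless ZIP attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "harmless placeholder")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # zipfile cannot write encrypted archives, so set the flag bit by hand
        # in the local header (offset 6) and central directory (offset 8).
        raw[raw.find(b"PK\x03\x04") + 6] |= ENCRYPTED
        raw[raw.find(b"PK\x01\x02") + 8] |= ENCRYPTED
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("The password is 12345")
    msg.add_attachment(bytes(raw), maintype="application", subtype="zip",
                       filename="sample.zip")
    return msg

if __name__ == "__main__":
    for flag in (False, True):
        print(flag, scan_message(build_sample(flag)))
```

A non-empty result means the attachment could not be scanned, so policy can quarantine it or route it for manual review rather than deliver it unexamined.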

Some viruses which should have died are still in force. “Naive or careless users managed to keep Swen, Klez.h and also three [Mimail] worms … in the ratings,” says Zenkin. On a good note, however, he says Sobig.f, the most prevalent virus of 2003, has finally disappeared from the top 20.

Central Command Top Virus List: http://info.101com.com/default.asp?id=6300

Kaspersky Labs' Top Twenty List: http://info.101com.com/default.asp?id=6301

Computing the Cost of Worms

Rampaging worms spoil the fun not just for users unlucky enough to get them, and the corporate administrators who must troubleshoot them, but also for independent service providers (ISPs). Every time there’s a worm outbreak, Internet use spikes, making it difficult for ISPs to provide reliable connectivity.

In short, worm outbreaks cost money. True, so does spam. Security experts say roughly 50 to 75 percent of all e-mail is spam, which raises connectivity costs for all companies.

Given the sheer volume of traffic handled by ISPs, however, viruses and worms flowing over the wire are also a concern. Any increase in activity can make it difficult to provide service, and increased network use means increased costs.

How much does this cost? According to research conducted with customers and industry sources, vendor Sandvine says this year worms will cost North American ISPs $245 million. Included in that figure are response teams, increased use of customer support, and the loss of network bandwidth.

“Worms exact a massive toll by forcing service providers to mobilize premium resources in order to quell attacks, and protect the subscriber experience,” says Sandvine vice president of marketing and sales Tom Donnelly.

Residential ISP customers are a special problem. Sandvine says approximately five percent of residential users’ PCs are “infected by some kind of worm and either actively propagating it or generating malicious traffic.”