Experts Fear 'Digital Pearl Harbor'

New computer threats faster, more efficient

October 20, 2003
By Jennifer Beauprez Denver Post Business Writer

The SoBig worm that rocked business and home computer users a couple of months ago will strike again soon and this time more viciously, computer experts warn. "We've only seen the beginning," said Scott Chasin, chief technology officer for MXLogic, a Denver e- mail and virus filtering firm.

"It's a matter of bracing for the impact."Six new versions of SoBig have been released since January, each time fixing bugs and increasing the virus' performance and its ability to update itself automatically.Those releases come every two months, so computer security experts are bracing for an overdue round of attacks by the end of this year.

"Everyone (in security circles) is talking about it," said Mitchell Ashley, chief information officer at Latis Networks, a computer security firm in Superior. "We're trying to think ahead, and figure out how the virus could be leveraged in malicious ways and what we should be prepared for."

But SoBig will be tough to combat. The worm marks a new generation of smarter, more sophisticated rogue programs that can take orders remotely, take control of computers and even create more junk e-mail.These programs - which take the forms of viruses, worms and so-called Trojan horse programs - no longer need to use e-mail to spread or infect computers and can attack computers faster and more efficiently.

"The next-generation wave is smarter, scarier and more costly," Chasin said.An August attack by SoBig, for instance, interrupted freight operations at railroad giant CSX Corp. and disrupted passenger reservation systems at Air Canada.And the "Blaster" virus spread around the world in six minutes using network connections, not e-mail, to slow Internet activity dramatically and disrupt business for companies.

The number of computer viruses unleashed climbed 11 percent this year, according to TruSecure Corp., which tests computer security products in Mechanicsburg, Pa.Computer experts fear the future will be worse: The viruses easily could be used to steal sensitive corporate data, shut down vital power and transportation grids or steal personal information for identity theft, which involves racking up debt in someone else's name.

"At the rate things are going, we're in for big problems ahead," said Scott Berinato, senior editor of CIO Magazine. "The whole system is going to crash - a digital Pearl Harbor of sorts."Called "blended worms" or "cocktail viruses," this new generation can play dead for a while and then update itself automatically and receive new instructions from its author.And unlike previous viruses that could only attack one software vulnerability at a time, these cocktail viruses can look for 10 to 20 vulnerabilities inside a computer at once."Instead of breaking into the building, it's like sending a robot into a building and trying every lock it can," Berinato said.

Computer security experts also believe the SoBig virus could be used to send out millions of spam e-mail messages by hijacking infected computers and opening them up to become relays in a spam network.

To avoid prosecution, spammers often operate remotely and rarely use computer servers that can be easily tracked when sending out messages. By controlling infected computers, spammers can easily hide their location and identity and send out even more mail."This provides an economic incentive for virus authors," said Chasin of MXLogic. "It can turn your computer into a mini-spam factory."And as more people use broadband Internet networks and leave their computers on all the time, the infections will spread even faster, said Bruce Hughes, TruSecure's director of malicious code research.

Moot are the warnings by security experts to never open attachments from unknown e-mail senders. These viruses don't need e-mail.They can attack computer servers instead of PCs and can spread via file-sharing services, such as the networks millions of people use to share music files.Ready-made "virus kits" found on the Internet only make it easier to unleash the attacks.

And computer users are more at risk today than ever because the software on their PCs is more complex. Newer software with more features often means more lines of computer code and thus a greater chance of errors that bad guys will try to exploit."People make 10 to 20 errors for every 1,000 lines of code," Berinato said. "The new Windows XP has 45 million lines of code, so you're adding thousands of vulnerabilities."

So what can a computer user do?Get anti-virus software and keep it up to date. "There are so many new viruses, you really need to update it weekly," said Hughes of TruSecure. "We used to say monthly and that's not any good anymore."Be sure to regularly install Microsoft's automatic updates for its Windows products.Consider installing a firewall, which restricts access to your computer. "They're more difficult to use, but they work magnificently," Hughes said.Corporations also should block executable attachments to e-mail before they come into company networks, he said.

But to ultimately win the war on viruses, software companies must focus more on making their products more secure rather than simply adding more features, Berinato said.Lawsuits may make that happen, by shifting liability to software vendors.Microsoft Corp. faces a class-action lawsuit that alleges the software giant's market-dominant software is vulnerable to viruses capable of triggering "massive, cascading failures" in global computer networks.

"People have to learn how to develop software better," Berinato said. "And we, as consumers, must demand better. We're headed toward some kind of major event unless people get their act together."

http://www.denverpost.com/Stories/0,1413,36~33~1710294,00.html