Malicious coders and hackers are constantly finding new ways to circumvent security precautions, and this isn’t likely to change in 2007. While a solid anti-virus program is a good bet, the best way to avoid costly mistakes is to stay tapped into the latest developments in the fast changing computer world, said David Marcus, Senior Research and Communications Manager for McAfee Avert Labs.

Researchers like Marcus, who keep a finger on the pulse of the malware underground, formulate yearly virus trend predictions, with the intent of helping users stay on the up and up. One of the biggest trends Marcus has pinpointed for 2007 is an increase in “zero day” attacks.

A zero day attack, as it’s known in the computer security industry, is an assault on an application that has a previously unknown vulnerability, one that becomes known to the general population before it has been reported to the application’s vendor.

A good way to think of a zero day attack is to picture a row of pristine houses with neat little gadgets such as electric garage door openers. If the houses are computers and the garage door openers are the applications, you’re a guy walking down the street with a universal remote who just found out that, thanks to an unforeseen defect in all the garage door openers, pushing the power button opens every garage on the street.

In the computer world, the terms ‘vulnerability,’ ‘exploit,’ and ‘virus’ can get confusing. The difference between them is fairly simple.

Think of a vulnerability as a back door into an application. For example, if there’s an extremely popular music playing program that’s used by a large number of people, but it has a chunk of code that is poorly constructed, it might provide a loophole for the criminally minded. This is a vulnerability.

If the vulnerability is found and brought to the attention of the vendor who created the application, and it is subsequently fixed, the problem never progresses beyond this stage.

However, the internet is no utopia and the business world doesn’t always turn on a dime.

If the vulnerability is never brought to the attention of the application builders, or the builders fail to provide an update fast enough, a malicious programmer can string together a code sequence that allows him to take advantage of the loophole. That code sequence, harmless on its own, is known as an exploit.

The final step, the actual virus, is a tightly wrapped program—not much different from a calculator or game program—that delivers the exploit code payload to your computer by attaching itself to the vulnerable application, which allows the coder behind the virus to take advantage of your system in various ways.

Problems for computer security experts can be compounded when malicious programmers start sharing exploit code strings and collaborate on building the actual virus program, a trend that has seen explosive growth in the last few years.

"On the bad guys’ side of the house, they do certain things very efficiently," said Marcus. "They communicate very effectively. They used to write things for bragging rights; now they’re more apt to collaborate."

In the new year, he expects to see this kind of collaboration grow, which poses difficulties for computer security experts due to the power of numbers. The more people working to perfect a program—malicious or friendly—the stronger the program gets.

A recent vulnerability exposed in Apple’s QuickTime program illustrates exactly how this progression—from vulnerability to exploit to virus—works. The end product, the new QuickTime virus, represents a hybrid virus style that could take off in 2007.

"The advantage the malware writer has is they can always look for the new vector and always test against antivirus programs," said Marcus. "The Symantecs and the McAfees can’t do that."

In a nutshell, the QuickTime virus is unique because it works on both Windows and Macintosh platforms. Generally a virus attacks one or the other because of fundamental differences between the Windows and Macintosh operating systems, with the overwhelming majority targeted at Windows due to its reputation for leaky code, easy exploitability, and overwhelming market dominance.

Though Apple has an industry reputation for being a low-virus system, the QuickTime virus can take advantage of a Macintosh as easily as it does Windows. That dual capability set off alarm bells in December 2006 and on into 2007, said Marcus.

With the new Intel chips in Apple computers allowing Macintosh operating systems to run Windows applications at native speeds, this kind of dual-operability virus could see cross-platform growth as well in the new year.

As 2007 marches on, there’s no hard and fast rule for avoiding viruses, said Marcus. The biggest problem will continue to be zero day vulnerabilities. On top of that, a wide range of experts expect a mushrooming cloud of spam to reach epidemic proportions in 2007, which may well pose additional difficulties for all who love, or loathe, the Internet.

About The Author

Torrey Meeks is a Blast Magazine staff writer and part of the original 01/01/07 launch crew.