No escape from fear in cyberspace

That cyberspace is being flooded with virus and worm attacks is common knowledge, but the frequency and sophistication with which these negative tools are emerging is under the scanner. These worms are able to target various vulnerabilities in the software programs, thus posing many pertinent questions for software vendors. While patches are being issued, new vulnerabilities emerge even faster. At places, even the benefits of being online are being questioned by innocent home-users.

The worm Sobig. F and the vius MS Blaster hit almost at the same time. Sobig.F was the sixth variant of a new trend in worms which first appeared in January this year and spread through Microsoft Windows via e-mails and corporate networks. The August variant has been the fastest spreading worm and infected a few million PCs across the world in no time. It also for the first time involved making the infected PC a spam machine and thus facilitated the convergence of virus writing and spamming. Spamming on its own has been a major issue for users as well as internet service providers. Sobig.F entered into the PCs as an e-mail with an attachment which when opened infected the computer and then sent itself on to other victims using a random e-mail address from the address book of the infected PC. This prevented the actual tracing of the worm back to the source.

The other threat, the virus MSBlaster, did not show signs of malicious intent although it gave the message of damaging consequences. Also known as LoveSan, this virus infected office and home computers across the US and spread around the world, taking advantage of a security hole discovered in Windows 2000, Windows XP, Windows NT and Windows Server 2003 operating systems. It spread via internet connection on machines having the versions of Windows as mentioned. Besides crashing machines, the MSBlaster worm left instructions for the infected computer to launch a so-called denial of service attack for August 16 against Microsoft’s website, from where people could download patches. Thus virus attacks have become an issue for all end-users. It not only affects PCs, it also camouflages its source. The marriage of spamming techniques and virus writing itself is a new trend and could be another challenge to security companies and end-users.

On January 26 this year, there was a massive worm attack in the form of Slammer which slowed down internet traffic, stopped ATM machines from delivering cash and made dysfunctional airline and train bookings. People were then questioning the very basis of software program writing and the inherent flaws in them. When you command an ATM machine to deliver cash and it fails, many questions are raised in the user’s mind — the bank, the system all come under fire. Similarly, the “Mellissa” virus (1999), “I love you” (2000) and more recently Klez (2002) have crippled systems.

Viruses and worms have been active for some time now. They have become a topic of concern in government circles, among computer companies and hackers alike. The nuances of successfully thwarting such attacks have become highly critical, but there is no fool-proof solution available. The regular exploitation as well as reporting of vulnerabilities in an operating system like Windows raises many questions. The anti-virus companies are also having an interesting time. While they are harvesting on the emanating demand for their products, they are also being questioned about their response as also the software program writers.