December 23, 2003, 3:47 PM — For computer security experts, 2003 started with the Slammer Internet worm and went downhill from there. The year, which included four major worm and virus outbreaks just in August, has been labeled the "year of the worm" and "the worst year ever" by more than one computer security expert.
All that activity meant good news for antivirus software companies, such as Symantec Corp. It was bad news for organizations of all kinds, which expended precious resources disinfecting everything from desktop workstations, to airline reservation systems and automated teller machine (ATM) networks that were hobbled by virus outbreaks.
Will 2004 bring more of the same, or will it be remembered as the year in which Internet users "took back the streets" from virus writers, malicious hackers and spammers? A little bit of both, say corporate security experts and computer virus specialists.
When it comes to computer viruses and worms, Internet users will not see any letup in virus outbreaks in 2004, despite high-profile prosecutions of some virus authors and a Microsoft Corp. bounty on the head of the original authors of the Blaster and Sobig viruses, according to Chris Belthoff, senior security analyst at Sophos PLC.
Prosecutions and bounties do not prevent crime in the physical world, and should not be expected to work any better online, Belthoff said. Such programs also misunderstand the motivation of virus writers, who are often looking for attention and recognition, rather than financial gain, he said.
The threat of a so-called "zero day attack," in which a virus or worm exploits an unknown and unpatched software vulnerability also looms as a worst-case scenario. A Blaster-style worm based on a zero day vulnerability could adversely affect computer networks and leave administrators with few options to protect network resources, he said.
Microsoft's operating systems and products will continue to be targeted by hackers and virus writers in 2004, said Belthoff and others.
Security exploits relying on buffer overflows in Microsoft product code will still be the most common avenue of attack. Hackers are also exploring "internal" vulnerabilities in Windows, like the RPC (Remote Procedure Call) security holes that produced Blaster, as well as Microsoft's .NET Web services framework, Internet Information Server Web server and Windows 2003 Server, one exploit writer, who uses the online handle "wirepair," told the IDG News Service via e-mail.
The wealth of new, unexplored code for.NET makes it fertile ground for hackers, agrees Mikko Hypp