Know your enemy: Past threats
Andrew Donoghue
Old viruses shouldn't be thought of as dead and gone but merely lying dormant
Keeping up with the latest patches and virus threats is difficult enough, but security experts claim older viruses can still cause problems even if they aren't hitting the headlines anymore. Although so-called "legacy viruses" are slowly dying off, some old malicious code is still lying in wait to strike.
Alex Shipp, senior antivirus technologist at MessageLabs, says viruses often live on for months and years after they are initially detected. Statistics from MessageLabs on the day this piece was written show that Klez.H-mm, a worm first seen in April last year, is still doing the rounds and rates as the fifth most active in the preceding 24 hours.
Shipp explains that although most businesses will have patched their systems against old malicious code, home users are not so diligent, providing the perfect breeding ground for legacy threats. "Older viruses are still out there and every so often they get into company networks again. It only takes one machine to be unpatched," he says.
Larry Bridwell from ICSA says these inactive viruses are analogous to fish thought to have disappeared from the seas. No one thinks much of them until "some fisherman in Madagascar pulls one out on a line."
Although some viruses are likely to burn themselves out because they're too destructive or the virus writer has written an expiry date into the code, some legacy viruses represent a threat to complex environments. "For a single user it's trivial. If you have a million machines in a number of different places then it's a complex problem to deal with," says Symantec's US-based senior director of Security Response, Vincent Weafer.
MessageLabs' Shipp claims that the antivirus industry has evolved and learned alongside its enemy, so knowing what has gone before is vital to combating future attacks.
He claims the same is true within companies where processes for dealing with previous attacks, such as educating users about opening attachments, will help with the new threats. "I think we have been all learning as the problem goes on. You need to evolve your defence alongside the threat; things like partitioning off your network so a virus or worm can't spread across the whole company," he says.
Part II
To help ensure your antivirus strategy is as bullet-proof as possible, ZDNet UK has compiled this list of the major virus threats over the last three years and how to protect your system from them. For more information on virus protection see the IT Priorities Virus Toolkit.
November 2003: Mimail.j worm
November 2003: Mimail.c worm
September 2003: Swen
August 2003: Sobig.F
August 2003: Nachi worm
August 2003: MSBlast worm
October 2002: Bugbear worm
April 2002: Klez.H
December 2001: Goner
September 2001: Nimda
July 2001: Code Red
July 2001: SirCam worm
June 2001: MsWorld virus
March 2001: Lion virus
February 2001: Gnutella worm