Virus 2000: Nasty and network aware

Be prepared: next year's viruses will spread fast and use more tricks than a Trojan horse to lure in users

Virus writers are finally catching on to something that tech companies have known for a while: If your applications don't use the Internet, you're behind the times.

For Web surfers, that means beware: From the year 2000, Internet-enabled viruses will be the rule.

"This next decade will be the decade of the worm," said Carey Nachenberg, chief researcher at Symantec Corp.'s Anti-virus Research Centre. "The virus writers see big potential for these worms because they spread so rapidly."

Worms, while not new, are computer viruses that use network connections to spread themselves to any connected computer. Normally, viruses spread along with an infected program, a process that can be as fast as e-mail or as slow as a floppy disk being passed between two people.

With fast-spreading worms such as Melissa and ExploreZip showing the way, virus writers proved the efficacy of using the Internet to spread malicious computer code "at the speed of thought," as Bill Gates' ghost writer is fond of saying. Other writers, as well as "script kiddies" who copy others' templates, will further refine those successful self-replicating programs. A host of variants of Melissa and MiniZip (a refinement of ExploreZip) have already been released to the Internet.

"This network awareness, combined with the homogenous nature of the Net, makes for a most friendly breeding ground," said Sarah Gordon, senior fellow at IBM Corp.'s T.J. Watson Research Centre.

The problem with network-aware viruses that use the Internet to spread is that they can quickly outrun the ability of anti-virus companies to find a cure. Melissa spread to more than 100,000 computers in the first 24 hours, days before any anti-virus firm had a tested cure available.

"We continue to search for viruses only after the fact," said Rob Rosenberger, Webmaster of the Computer Virus Myths home page, a site that tracks hoaxes and attempts to offset the hype in the industry. "If airport security worked like virus security, terrorists would rule the skies."

IBM and Symantec are partnering to deliver something they think might solve the problem. Called the Digital Immune System, the network of expert systems and client software uses heuristics to recognise possible malicious code and then sends that code up to centralised servers to be analysed.

"These types of technologies are really the best technological model to ensure that the good guys will continue to stay ahead of the bad guys," said IBM's Gordon.

Problem solved? Not quite. When a recent virus known as Babylonia struck the Internet, early reports claimed that such automated systems failed to identify the code as a virus. In the end, old-fashioned human researchers were necessary to catch the coded culprit.

With human researchers continuing to be a critical part of any digital immune system in 2000, virus writers -- and their Internet-capable progeny -- will still hold the upper hand.