While attackers are using viruses and worms to pave the way for spammers, virus authors also are also starting to use infected computers to release their wares and cover their tracks, said Craig Schmugar, virus research engineer for Network Associates, an anti-virus company based in Santa Clara, Calif.
"The line between spam and viruses will become even blurrier in the months ahead," Schmugar said.
| ____Tech Policy Year in Review____ washingtonpost.com's tech policy team members summarize major developments in 2003 and look forward to what 2004 holds for the debate over Internet taxes and the battles to can spam and stop Internet crime. |
Internet Security and Cybercrime: A look at the increasingly sophisticated nature of online crime.
Spam: Critics charge the new federal anti-spam law won't work.
Internet Sales Taxes: It may be 2005 before the state-led effort to tax Internet retail sales gains traction.
Internet Tax Moratorium: The states' rights issue collided with efforts to renew the Internet access tax ban. Will Congress cut a deal in 2004?
Tech Policy Wrap-up: Major developments in 2003.
Are You Ready?
Note: This is an unscientific survey of washingtonpost.com readers.
Too Many Patches
Internet security officials regularly urge consumers to practice safe computing, such as making sure they regularly update anti-virus software and deploy the latest security fixes from software firms like Microsoft.
But even the savviest computer users can't always keep up with the large number of security patches issued every year. Most Internet worms spread by exploiting unpatched security holes in software and operating systems. This year, as in the past, the big target has been Microsoft, whose Windows operating system powers more than 90 percent of the desktop PCs on the planet.
The "Slammer" worm kicked off the virus season in January, spreading with such unprecedented speed -- it infected more than 300,000 vulnerable Microsoft servers in less than 15 minutes -- that it clogged networks worldwide, crashing bank ATMs and delaying airline flights.
The "Blaster" worm made headlines in August by crashing or infecting more than a half-million PCs worldwide, attempting to hijack them for a coordinated attack on Microsoft's security Web site.
That attack ultimately proved unsuccessful, but security experts soon had to deal with the "Welchia" worm, a so-called good worm that was intended to patch the security hole exploited by Blaster. Welchia spread so quickly that it disabled many corporate networks for days on end. Welchia and Blaster remain among the Top Five most prevalent worms to date, according to Symantec Security Response.
Christmas Virus Season
Even as criminals can exploit a whole list of newly discovered vulnerabilities, SANS's Ullrich said he expects a bumper crop of new computers to be infected with old worms and viruses still circulating on the Internet as millions of consumers plug in shiny new computers they receive over the holidays.
"The trouble is, even if your intention is take the new PC out of the box, plug it into the Internet and download the patches, it doesn't take but a few minutes for one of these worms to find you, and then 'bam,' you're infected," Ullrich said. "Most won't survive the first day without getting hit with something."
CERT's Houle agreed, and urged consumers to learn more about how to protect their computers and install the latest security patches. Alternatively, he said, consumers should enable the software-based firewall that's included in the latest Microsoft systems before connecting their computers to the Internet.