Degradation: a new generation of computer worms

Suddenly the definition of a computer worm has changed. It used to be something that doesn’t require any action from a system user or administrator to install and propagate. From memory – the Morris worm was a multiplatform one: it compiled itself upon arrival and used a vulnerability in the finger daemon for propagation. Later, SQL Slammer used a vulnerability in the Microsoft SQL Server TDS network protocol implementation to propagate, and Sasser exploited a vulnerability in LSA, the very core system service, making pretty much all Windows systems vulnerable. These are examples of sophisticated analysis and engineering.

That’s a rarity today. More recently we have a new crop of viruses: they have only a propagation mechanism and rely solely on the human factor for installation. An exploit may not be required. Take Cabir, a well-publicised worm for Symbian OS. It actually requires two user actions: accepting the file transfer and agreeing to install the software. And there is Stration, a Skype worm that is now modified to propagate over MSN Messenger and ICQ connections. It also needs the user to accept the download and then double-click on the executable file (and perhaps ignore Vista UAC warnings). Why no exploit? Perhaps the worm creators don’t have the skills, but they also experience a shortage of bugs to exploit.

Which means that software is getting better. Are computer users getting better? I think so. Meanwhile, the worms and viruses are definitely not getting better. I think economics have something to do with it.
