Computer Crime Research Center

A Greater Threat than Software Viruses?

The biggest risk to organizations is active Internet content containing invisible software that enters computer networks and does damage.

Active Internet content, invisible software microbes that silently enter computer networks and provide sensitive information to outside agents, now poses a greater threat to companies than viruses, according to a report by the Aberdeen Group.

According to Aberdeen, many corporate networks, most consumer PCs, and almost all ISPs are now infected with active Internet content containing malicious software that performs tasks such as capturing e-mail handles, passwords, and keystrokes; silently enabling hidden network services and ports, from PCs through firewalls; and redirecting outbound data to offshore sites by spoofing DNS addresses. Unlike traditional viruses, active Internet content is generally not detectable through pattern-matching security technologies, which either don't look for active content or can't keep up with its rapid rate of change. In addition, active content isn't restricted to specific payloads; harmful content has been found in e-mail spam bombs, on Web sites, and in simple text-based e-mail.

During the past few years, almost every home user and organization with PCs connected to the Internet has been exposed to new types of harmful software on the Internet, according to Jim Hurley, vice president and managing director for Aberdeen Group and author of the report, "Active eIRM: New Realities for Managing Electronic Infrastructure Security."

"This content is now being used for electronic reconnaissance, electronic probing, mail marketing, spamming, electronic theft, cybercrime, cyberterrorism, electronic identity theft, and financial loss. Code Red and other well-publicized recent exploits are just the tip of a much larger problem," he says.

Tip: Researchers recommend you look for the following signs as indicators that you may be infected with active Internet content:
- Incoming e-mail with the user's e-mail address
- Degraded throughput and excessive disk drive chatter
- Unauthorized outbound connections to routers
- Web site defacements
- Unauthorized and uninvited instant messaging and peer-to-peer protocols
- Trojan horses embedded in IT maintenance software
- Automated redirection of network IP destinations

During the past year, many IT managers have begun to alter their plans and shift their focus to defend against harmful Internet content, leaks and assaults in and on the enterprise network, and business risk occurring from the misuse and abuse of e-mail and Web servers, the Aberdeen report indicates.

A new capability, the automation of security processes, is helping IT automate customized security processes throughout the enterprise. The result, active electronic infrastructure management security, is a step in the right direction for IT, especially for IT buyers who are perpetually overloaded and underfunded, Aberdeen says. When applied to the IT infrastructure, automated security promises more accurate risk measurement and management.



Copyright Computer Crime Research Center 2001, 2002 All Rights Reserved.