Computer Crime Research Center

Virus payloads bigger, nastier

(by Darren Greenwood)

'Experienced programmers switching to virus writing'

Virus specialist Daniel Zatz is hoping love blossoms for an 18-year-old Dutch woman and that the economies of Eastern Europe pick up.

Zatz, a Sydney-based security consultant for Computer Associates, warns that more serious viruses are on the cards for 2003 following a lull this year.

About 250 viruses a month have appeared in 2002, compared with 400 last year, he says, but the latest ones have been more damaging, with the Klez virus, now in its eighth variant, proving the most prevalent of all.

Zatz says this is because rather than being produced by 18 to 25-year-olds, the "script kiddies", many viruses are being written by 26 or 27-year-olds, often software developers in Eastern Europe "honing their skills" while unemployed.

Zatz also remains hopeful that a Dutch woman who goes by the name Gigabyte, who wrote the Sharpei virus and maintains a virus-writing website, remains busy with her boyfriend hacker. She hasn't produced any viruses for a while.

Viruses continue to evolve, says Zatz, partly by existing virus code being "cut and pasted" into new viruses. For example, Goner was the first to try to remove antivirus software; Klez, Bugbear and Braid did the same.

"The real impact of Klez was to drop a virus called Elkern.cav, an 18-month-old virus, as a side-effect. Braid dropped the old Funlove virus as part of its payload," says Zatz.

The consultant, who was in Auckland and Wellington last month for a series of CA seminars on security strategy, says almost all of these email viruses have file extensions such as .exe and .bat, which can be filtered out at the email gateway, but many organisations don't bother.

Looking to next year, Zatz says viruses may be more prevalent and more damaging, with a "tall poppy syndrome" keeping Microsoft as the top target. The software giant is good at putting out patches, he says, but it is "hard for it to keep up".

"Many joke that to create a virus, writers look at the [Microsoft] website to get patch details," he says. Virus writers are aware that people fail to patch their systems or run out-of-date systems.

Zatz, who has been in the industry 15 years, says another factor is that IT security is "colliding" with physical security, with organisations also needing to verify their staffers are where they should be and doing what they are supposed to be doing. A recently launched CA product called eTrust, he says, can analyse user behaviour so employers can see if there is a risk posed by a staffer doing something unusual like working at odd hours.

As for Gigabyte, her website talks about a five-member clan called the Contagious Rebels that is seeking more virus writers, hackers and phreakers. Gigabyte says she has finished school and has been busy working for a computer company, but she is already "making plans for my next virus".



Copyright Computer Crime Research Center 2001, 2002 All Rights Reserved.