Viruses, more sophisticated, menace the plugged-in world

Internet: As last week's attack on Google shows, programs that imperil businesses and computer users are getting more dangerous.

August 01, 2004 | By Tricia Bishop, SUN STAFF

When Google was temporarily brought to its knees Monday by a cyber virus, engineers at the world's most popular search engine barely flinched.

Within hours, they had restored service, issued a modest statement and felt the breeze from the global sigh that followed the successful counter of another attack. But such a comfortable rhythm of combat and cure is misleading, experts say. The danger of an Internet assault with catastrophic consequences is growing week by week.

"The threats are more sophisticated, and the stakes are higher," said Lawrence C. Hale, deputy director of the U.S. Computer Emergency Readiness Team, the operational arm of the National Cyber Security Division of the Homeland Security Department.

More than 50 new viruses are released every day - some targeting cellular phones and handheld computers - and security specialists at McAfee Inc. expect to catalog 18,000 new threats by the end of the year. As of April, attack victims had reported nearly 4 million incidents to the Federal Computer Incident Response Center.

Cyber threats are more diverse, dangerous and debilitating than ever. They come disguised as friendly programs or e-mail attachments. They leave secret back doors on computers, steal personal information and disable services. Without intervention, they can replicate themselves infinitely across the network that more and more people have come to rely on for everything from family communication to work performance.

The threats are often created by teenage social misfits, hungry to wield some sort of power, and they are difficult to stop because they change every day. The criminals are also hard to apprehend, hiding behind anonymity and a legal system that hasn't quite figured out how to coordinate law enforcement efforts to catch a foreign perpetrator whose program has local victims.

"It's not always easy when someone writes a virus in Brussels, takes a train to Paris and walks into an Internet cafe" to launch it, said Vincent Gullotto, vice president of McAfee's Anti-virus and Vulnerability Emergency Response Team, which is based in Oregon.

On Monday, Internet message boards were buzzing with news of an attack hours before Google's services went down. It was the new MyDoom worm, writers said, measuring the signs: slower Web traffic, increased e-mail output and specific sites as victims.

But this version of MyDoom was a virus like none before.

"The hook to this one is that it used four of the most widely used search engines," Gullotto said.

MyDoom sneaked in quietly as a worm - a type of parasitic virus that can replicate itself but not infect other computer files - attached to e-mail messages. Once opened, the attachment searched a computer for other addresses, sent itself to them and went out on the Internet in search of more. Within 24 hours, e-mail security specialists at New York-based MessageLabs Inc. had intercepted 600,000 infected e-mails from its clients, who include the British government and EMI Music.

Unintercepted messages went about their business of survival, with 45 percent of them programmed to send queries to search engine Google, 22.5 percent programmed to target Lycos, 20 percent aimed at Yahoo, and 12.5 percent seeking out AltaVista, according to Sophos global security specialists based in England.

The unknown author launched a similar attack on Microsoft the next day. That company has offered a $250,000 reward for information about the source.

"The fact that it exploited search engines was significant because it ate up the bandwidth," Hale said. "It actually slowed down the Internet. A couple of those search engines are the most widely used sites in the Internet."

The new type of attack overloaded its victims and disabled access to Google around the world. It also slowed service at the other search sites, costing time and money as millions of searchers were turned away. Companies hoping for Internet visitors were never found, and advertisements on the search engines were never displayed.

"If this was a wake-up call, then you've been asleep for a long time," said Chris Holland, an information security product manager at SafeNet Inc. in Belcamp. "We're getting one of these every week or so."

The first viruses to hit the public domain appeared in the early 1980s, spreading through pirated computer games.

In 1988, a 22-year-old from Arnold, Md., sent the first worm onto the Internet, disabling 6,000 computers and earning himself a $10,000 fine, 400 hours of community service and three years of probation, even though he said it was a graduate school project gone wrong.

By 1992, there were 1,300 viruses. McAfee estimates that there are more than 81,000 cyber threats swimming around today - some of them legal.

Malicious program codes such as viruses and their subcategories - worms, zombies (which leave a back door on a computer, letting an attacker in at will) and Trojan horses (which appear harmless but aren't) - are illegal, often created by young men with big egos.

Baltimore Sun Articles