Information Security News mailing list archives
Analysts: Costly "Love" virus underscores security flaws
From: William Knowles <wk () C4I ORG>
Date: Thu, 4 May 2000 15:47:06 -0500
http://news.cnet.com/news/0-1003-200-1814907.html?tag=st.ne.1002.tgif.1003-200-1814907

By Paul Festa and Joe Wilcox
Staff Writers, CNET News.com
May 4, 2000, 1:10 p.m. PT

A new virus sweeping through computer systems today will likely be the most costly yet and could put new pressure on software companies to address code-writing techniques that have led to persistent security problems, analysts said.

The virus, dubbed "I Love You," has already affected thousands of corporate sites, according to security firm Symantec, some of which were forced to shut down their email systems in an effort to choke it off. A partial list of those affected by the virus confirmed by CNET News.com were Silicon Graphics, the Department of Defense, DaimlerChrysler, The Motion Picture Association of America, the Federal Reserve and Cox Cable.

The cost of lost business for such defensive actions alone could far outstrip costs attributed to previous attacks by viruses such as Melissa, which rang up a stinging $80 million price tag.

Unlike Melissa, the I Love You virus has the ability to destroy data, which could drive potential costs considerably higher. The virus wipes out certain pictures and music files.

"In terms of spreadability, this will outrank everything we've seen so far," said Vincent Weafer, director of Symantec's AntiVirus Research Center (SARC). "Just based on initial reports of infections and potential infections, we're talking thousands of corporations around the world."

Mike Wittig, chief technology officer of firewall maker CyberGuard, would not estimate how much the outbreak could cost corporations. But given that the virus has shut down major organizations and potentially "10,000 companies or more are infected," billions of dollars in damages "would not be an unreasonable estimate," he said.

Analysts and victims of the virus say the parallels with Melissa extend largely to the mechanics of transmission and the silencing of some email systems.
Beyond that, today's worm is leaving Melissa in the dust.

"This one is not that different from Melissa, and it spread outrageously fast," said Michael Zboray, chief technology officer for market researcher Gartner Group.

As with Melissa, many companies' first response was to shut down email systems, paralyzing operations.

"In any kind of communications-intensive company, email is the de facto standard for communicating inside and outside the company," Zboray said. He would not estimate potential damages other than to say they would be in the billions of dollars.

Others agreed that I Love You has the ability to leave greater destruction in its wake than did earlier viruses.

"This is going to be expensive to clean up in two areas," said security consultant Richard Smith. "It's going to be a big mess for companies to clean up their mail servers, and that's going to be much like the Melissa cleanup. But there is also file deletion, so if you are a Webmaster with files on your hard drive, there's the possibility of lost work here."

Gartner Group estimates that in general, 40 percent of email messages coming into businesses have "dirty" attachments.

"Many of these are merely irritating but benign infections," Zboray said. "You literally have to view your business as an island that you are defending, because the outside world is dirty, and it's not going to (get) clean."

Pointing fingers at programmers

Some analysts said the I Love You attack points to deep security problems. They noted that the virus takes advantage of well-known exploits involving Visual Basic script files, which end in the extension ".vbs." Visual Basic is a high-level programming language developed by Microsoft that is graphically oriented.

Most Web administrators should know better than to run ".vbs" attachments from unknown sources, Smith said. But through shared drives on a network, a misstep by one person could infect an entire organization and fuel the spread exponentially.

"If you're in an organization you can also mount drives that are on your servers," Smith explained. "In my old organization, we used to mount two or three server drives on an individual computer; Drive 'F,' for instance, on everyone's computer would be a particular drive attached to a server. So if someone in the organization runs the virus, it could infect files on Drive F. If someone else tries to run those files, it could further spread the virus."

Zboray harshly criticized Microsoft for releasing a programming language with the "wrong security posture" to businesses and the public.

"Visual Basic script and the macros are proving to be a disaster. This is just happening over and over again. We have to get away from this hostile active content that is coming in through Word documents, Excel spreadsheets and the browser.

"You can say a lot of things (about) how Java's not good, and you can say JavaScript has a lot of flaws," Zboray said. "But the security posture from which they were designed was the right posture. The security posture from which ActiveX and VBScript were designed is the wrong posture."

For its part, Microsoft attributes the ongoing security issues not so much to inherent problems with Visual Basic script and its macro language, but to bad people misusing good software.

"We include scripting technologies because our customers ask us to put them there, and they allow the development of business-critical productivity applications that millions of our customers use," a Microsoft representative said. "Obviously, the technology can be misused by human motivation, and that's why we provide the security features for the customers to judge when the programs should be run or not."

The Microsoft representative said that since last night, the software maker had been working with major virus makers to combat the problem, and that by this morning, most companies had updated their virus definitions to detect the bug.
Microsoft is recommending as a first line of defense deleting email messages with the "I Love You" subject line. Long term, the Redmond, Wash.-based software maker also recommends that corporations reevaluate their email practices and always keep antivirus signature files up to date.

Companies also must educate employees "not to run a program from an origin you don't trust," the Microsoft representative said.

If there is a lesson to be learned from the outbreak and the speed at which the virus spread, it is how unprepared companies are--even those that added extra measures after the Melissa attacks, analysts said.

"The only thing that works is to have centralized management of the virus systems on people's desktops," Zboray said. "We have an established record now; this is the only feasible recovery plan. You count on the virus vendor to update the signature fast...but only centralized management ensures you can update quickly and effectively."

CyberGuard's Wittig said many companies can minimize attacks by using tools they already have.

"Many companies don't enable the email scanning features that are available in a lot of today's firewalls, either because of awareness, complexity or performance reasons," he said. "Adding virus scanning has a performance impact on your network."

*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions http://www.c4i.org
*-------------------------------------------------*