Fizzer Worm Sparks Concern About Remote Security Risks

[InfoSec News <isn () c4i org>]

http://www.computerworld.com/securitytopics/security/story/0,10801,81322,00.html

By JAIKUMAR VIJAYAN 
MAY 19, 2003
Computerworld 

Last week's Fizzer worm appears to have had little impact on corporate
networks, according to IT managers and analysts. But the malicious
code and spyware that such viruses leave behind on unprotected systems
could prove to be a long-term headache for companies, they said.

Fizzer represents an emerging class of worms that try to circumvent
increasingly sophisticated corporate defenses in a variety of ways.  
The worm was contained in executable attachments embedded in e-mail
messages with innocuous-sounding subject headers.

In general, companies that keep their antivirus software up to date
and have policies for filtering executable attachments would have been
protected against Fizzer, said Russ Cooper, an analyst at TruSecure
Corp. in Reston, Va.

Pete Lindstrom, an analyst at Spire Security LLC in Malvern, Pa., said
IT and security managers who haven't yet taken such basic defense
measures are simply being "derelict in their duty."

But workers who dial into corporate networks from their homes and
other remote locations may not have full-blown defenses available to
them and are therefore more vulnerable to having their PCs infected by
such viruses, said Michael Allgeier, data security officer at the
Lower Colorado River Authority in Austin, Texas.

That could prove dangerous because of the payload carried by worms
like Fizzer. According to F-Secure Corp., a Helsinki, Finland-based
antivirus software vendor, Fizzer contains a built-in Internet Relay
Chat back door, a denial-of-service attack tool, a keystroke-logging
Trojan, an HTTP server and other components.

Such capabilities could allow hackers to remotely control compromised
machines and steal data from them or mine them for passwords, analysts
said. And connecting a compromised system to a corporate network might
let hackers burrow past other defenses.

"I think the biggest security threat today is remote users," said
David Krauthamer, director of information systems at Advanced Fibre
Communications Inc. in Petaluma, Calif. "It's becoming easier to gain
an access foothold to a corporate network."

"We don't have any control over remote workstations or home PCs or
kiosks or wherever it is that people access our networks from,"  
Allgeier said. "We can't really rely on personal firewalls and
antivirus software to detect Trojans and keystroke-loggers."

The Lower Colorado River Authority has begun to roll out software
developed by Austin-based WholeSecurity Inc. that scans individual
desktop PCs for malicious code. Allgeier said it's looking to deploy
the tool for remote users as well.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.