Have enterprises finally caught up with virus writers and muted the effects of the e-mail worm?
If Bugbear and Klez are any indication, then the answer is yes, according to several users contacted by SearchSecurity.com.
True, both pieces of malicious code spread rather easily on the Internet, but corporate users cannot be blamed this time, users said. Klez and Bugbear both were labeled as either a nuisance or a worm of no impact to enterprises in separate SearchSecurity.com polls of users. (A total of 92% of respondents to the Bugbear poll and 84% of respondents to the Klez poll chose one of those responses.)
"Plain and simple, enterprises have finally begun to learn the consequences of lax security -- especially where virus defense is concerned," said Aaron J. Smith, owner and consultant with A.J. Smith & Associates. "I believe that IT departments are far more conscious of security now, and upper management is a little more willing to listen and to spend. These are direct effects of the past couple years' virus activity."
Small and medium-sized businesses, in many cases, don't have the resources or expertise to combat viruses and worms in a similar manner, and it is here, and with home users, that malicious code finds fertile breeding ground.
"A lot of the problem has to do with management in enterprises and the talk about ROI (return on investment) and security," said Steve Mencik, a senior security engineer for ACS Defense, a Burlington, Mass.-based system engineering and development services provider for military and commercial organizations. "How can you spend money on security and ever show a return on investment? Security prevents a loss. It doesn't generate a profit. It's a lot like buying liability insurance. That doesn't generate profit either, but businesses understand that they better well have it.
"A lot of senior managers haven't figured it out yet that if they don't have security in place, it can cost them a lot of money."
Large businesses, however, have learned to block executable files at the gateway and have taught users not to open strange attachments. This has put a halt to the damaging possibilities Bugbear and Klez presented, rendering them only a nuisance in most cases.
"With the introduction over the past few years of better firewall technology and more education to users, the effect of viruses has been reduced dramatically within systems," said SearchSecurity.com member Andy McNeil. "Viruses are also easily isolated with the correct procedures being put in place from the user to the system administrators."
Roger Thompson, technical director of malicious code research for TruSecure, has declared on more than one occasion that the end of the e-mail worm era has arrived. Bugbear and Klez, for example, included new techniques such as sophisticated spoofing mechanisms that would steal either legitimate e-mail addresses or messages from an infected machine's inbox, then attach the worm and forward it along. Not only was this a new turn in worm writing, but also a new twist on social engineering that gave both worms extended crawling power on the Internet.
Worm-writing techniques may be advancing, but authors of malicious code still prefer to exploit vulnerable vehicles in Microsoft applications to spread their work. Bugbear, for example, exploited an old flaw in Internet Explorer that would execute the attachment if the message was merely viewed in the preview pane.
One user recommends eliminating vulnerable Microsoft vectors such as Internet Explorer, Outlook, Outlook Express, VBScript and the Java Virtual Machine and replacing them with other products to reduce the risk of exposure.
"IT staff appreciates less patching and updates," said SearchSecurity.com member Dennis Jugan. "Users will adjust rather quickly and they'll appreciate that you've made an effort to remove the monkey from their backs."
Melissa, Code Red and Nimda caused billions of dollars in damage to enterprises worldwide by exploiting holes in Microsoft software. Patching vulnerable systems would go a long way toward putting e-mail worms underground for good, Aaron J. Smith said.
"New machines present new vulnerabilities, and old vulnerabilities go unpatched all the time. Any complacency at any point will allow a system to be compromised," he said. "So while Bugbear didn't move as fast as some expected, it still proves that systems are vulnerable out there, and awareness needs to increase."