
No Cone of silence for this malcode

By Edward Hurley
25 Mar 2004 | SearchSecurity.com


Peer-to-peer networks have been a boon for people who like free music and software. But swappers may find themselves downloading a worm or virus instead of the latest version of some video game.

So far, there have been few pure peer-to-peer worms. More commonly, mass mailing worms also have a peer-to-peer component. Often, the worm spreads more via e-mail, thus obscuring the fact that it can also spread via peer-to-peer networks.

Cone-E, which surfaced this week, is such a worm. It spreads primarily via e-mail, but when it infects a system the worm creates copies of itself under different file names. Those files, with names such as "401 guitar tabs.chm," "adult check passwords.chm" or "Credit card numbers.chm," can be accessed by users of the Kazaa peer-to-peer network.

Earlier this month, mass mailer Bagle-Q looked for folders with "shar" in the name and then copied itself into them under a variety of enticing names. For example, it could appear as "Adobe Photoshop 9 full.exe," "Matrix 3 Revolution English Subtitles.exe" or "Windows Sourcecode update.doc.exe."

Convincing social engineering is needed for worms to spread via peer-to-peer networks because there are no known exploits that would allow the worm to execute automatically, said Patrick Hinojosa, chief technology officer at Panda Software. "The social engineering is needed to exploit the human vulnerability."

Protecting against peer-to-peer worms isn't that difficult. Blocking the software in the first place is the surest bet. A properly configured firewall that only allows specifically approved services in and out would do the trick, Hinojosa said.

If a company wants or has to allow peer-to-peer exchanges, then memory-resident antivirus software should be installed on desktops. Such protection would mean any downloaded file is scanned before it's executed.
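As a complement to on-access scanning, the drop behaviour described above can be audited for directly. The following is an added example, not code from the article or from any vendor quoted in it: it walks a directory tree, looks inside folders with "shar" in the name, and flags files whose type runs when opened, including the ".doc.exe" double-extension trick. The extension lists, function names and sample tree are assumptions made for the example.

```python
import os
import tempfile
from pathlib import Path

# Types that execute or render active content when opened (assumed list).
RISKY_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".chm"}
# Harmless-looking inner extensions used as a decoy (assumed list).
DECOY_EXTS = {".doc", ".txt", ".pdf", ".jpg", ".mp3", ".avi", ".zip"}

def is_share_folder(path):
    """True for folder names containing 'shar', the pattern Bagle-Q looked for."""
    return "shar" in Path(path).name.lower()

def classify(filename):
    """Return why a file name looks like a lure, or None if it does not."""
    suffixes = [s.lower() for s in Path(filename).suffixes]
    if not suffixes or suffixes[-1] not in RISKY_EXTS:
        return None
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "double-extension"
    return "risky-type-in-share"

def scan(root):
    """List (relative path, reason) for lure-like files in or below share folders."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel = Path(dirpath).relative_to(root)
        if not any(is_share_folder(part) for part in rel.parts):
            continue  # only audit folders a P2P client is likely to expose
        for name in files:
            reason = classify(name)
            if reason:
                findings.append(((rel / name).as_posix(), reason))
    return sorted(findings)

def demo():
    """Scan a constructed sample tree of empty files named after the article's lures."""
    samples = {
        "My Shared Folder": ["Windows Sourcecode update.doc.exe",
                             "Adobe Photoshop 9 full.exe",
                             "401 guitar tabs.chm", "holiday.jpg"],
        "Documents": ["setup.exe"],  # same type, but not in a share folder
    }
    with tempfile.TemporaryDirectory() as root:
        for folder, names in samples.items():
            os.makedirs(os.path.join(root, folder))
            for name in names:
                open(os.path.join(root, folder, name), "w").close()
        return scan(root)

if __name__ == "__main__":
    for path, reason in demo():
        print(f"{reason:22} {path}")
```

A name-based audit like this only narrows down where to look; it does not inspect file contents and is not a substitute for the desktop scanning the article recommends.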

The danger posed by peer-to-peer sharing highlights the need for multiple layers of protection. For example, many companies have gateway scanners, which are helpful because they stop worms before they hit the network and therefore save bandwidth, said Carole Theriault, security consultant at Sophos. However, such scanners don't protect against worms that spread via peer-to-peer networks.

"Antivirus protection at the desktop is paramount," Theriault said. "Worms can travel by so many ways including instant messages, peer-to-peer networks and even downloads from Web sites."


