Worms may be losing their bite, thanks to enterprise prevention

Bigger companies have the resources and experience to block executable files at the e-mail gateway and to patch vulnerable systems. These precautionary measures have reduced recent worms to little more than a nuisance.

Have enterprises finally caught up with virus writers and muted the effects of the e-mail worm?

If Bugbear and Klez are any indication, then the answer is yes, according to several users contacted by

Feedback on this story? Send your comments to News Editor Michael S. Mimoso

True, both pieces of malicious code spread rather easily on the Internet, but corporate users cannot be blamed this time, users said. Klez and Bugbear both were labeled as either a nuisance or a worm of no impact to enterprises in separate polls of users. (A total of 92% of respondents to the Bugbear poll and 84% of respondents to the Klez poll chose one of those responses.)

"Plain and simple, enterprises have finally begun to learn the consequences of lax security -- especially where virus defense is concerned," said Aaron J. Smith, owner and consultant with A.J. Smith & Associates. "I believe that IT departments are far more conscious of security now, and upper management is a little more willing to listen and to spend. These are direct effects of the past couple years' virus activity."

Small and medium-sized businesses don't have the resources or expertise in many cases to combat viruses and worms in a similar manner, and it's here and with home users that malicious code finds fertile breeding ground.

"A lot of the problem has to do with management in enterprises and the talk about ROI (return on investment) and security," said Steve Mencik, a senior security engineer for ACS Defense, a Burlington, Mass.-based system engineering and development services provider for military and commercial organizations. "How can you spend money on security and ever show a return on investment? Security prevents a loss. It doesn't generate a profit. It's a lot like buying liability insurance. That doesn't generate profit either, but businesses understand that they better well have it.

"A lot of senior managers haven't figured it out yet that if they don't have security in place, it can cost them a lot of money."

Large businesses, however, have learned to block executable files at the gateway and have taught users not to open strange attachments. This has put a halt to the damaging possibilities Bugbear and Klez presented, rendering them only a nuisance in most cases.

"With the introduction over the past few years of better firewall technology and more education to users, the effect of viruses has been reduced dramatically within systems," said member Andy McNeil. "Viruses are also easily isolated with the correct procedures being put in place from the user to the system administrators."

Roger Thompson, technical director of malicious code research for TruSecure, has declared on more than one occasion that the end of the e-mail worm era has arrived. Bugbear and Klez, for example, included new techniques like sophisticated spoofing mechanisms that would steal either legitimate e-mail addresses or messages from an infected machine's inbox and attach and forward itself along. Not only was this a new turn in worm writing, but a new bend on social engineering that gave both worms extended crawling power on the Internet.

Worm-writing techniques may be advancing, but authors of malicious code still prefer to exploit vulnerable vehicles in Microsoft applications to spread their work. Bugbear, for example, exploited an old flaw in Internet Explorer that would execute the attachment if merely viewed in the preview pane.

One user recommends eliminating vulnerable Microsoft vectors like Internet Explorer, Outlook, Outlook Express, VB Script and Java Virtual Machine and replacing them with other products to reduce the risk of exposure.

"IT staff appreciates less patching and updates," said member Dennis Jugan. "Users will adjust rather quickly and they'll appreciate that you've made an effort to remove the monkey from their backs."

Melissa, Code Red and Nimda caused billions of dollars in damage to enterprises worldwide by exploiting holes in Microsoft software. Patching vulnerable systems would go a long way in putting e-mail worms underground for good, Aaron J. Smith said.

"New machines present new vulnerabilities, and old vulnerabilities go unpatched all the time. Any complacency at any point will allow a system to be compromised," he said. "So while Bugbear didn't move as fast as some expected, it still proves that systems are vulnerable out there, and awareness needs to increase."
