The plague on our PCs

Computer viruses are getting more sophisticated, and hackers could soon carry out terrorist attacks by email, writes Karlin Lillington

With the arrest of an 18-year-old Minnesota high school student last week, many computer users breathed a sigh of relief. The FBI seemingly had nailed one of those nasty computer virus writers, and maybe - just maybe - the tide was beginning to turn against the hackers who have flooded the Internet with damaging programs in recent years.

The arrest was timely. Viruses have been big news, with computer users suffering through a batch of attacks this year by worms with ear-catching names like Slammer, Nachi, Blaster and SoBig. No sooner do we download and install a patch for one than another comes along. And they just seem to get worse and worse.

Yet viruses are a relatively recent phenomenon. Though computers have been in existence now for several decades, only the advent of the home computer created the right conditions for virus writing. Suddenly, computers were devices that the masses could own, no longer the reserve of elite groups of researchers using closed networks they could keep to themselves.


The perfect conditions for a virus explosion were simple: average people who knew little about computing could now own lots of complex machines whose behaviour could be altered simply by writing some lines of computer code. A hacker didn't need physical access to all those PCs, because people transferred information between machines all the time using floppy disks or the Internet, two perfect media for carrying and spreading malicious code.

Thus, the first PC virus came right on the tail of the first mass wave of home computer buying. Brain is believed to have been created by two Pakistani brothers in 1986, who noticed that the boot sector of a floppy disk could hold more than just the instructions the computer reads to start up from the disk. The virus didn't do much - it was intended to keep people from making illegal copies of the brothers' programs, and just inserted a small copyright notice. But others quickly realised that it wouldn't be difficult to sneak a whole lot more than a benign copyright notice into a computer by the same route.

Today, computer users are under assault from programs that grow ever more sophisticated, merging aspects of worms (which propagate themselves automatically across the Internet) and viruses (which don't) into superviruses that cause billions in damage. But it gets even more unpleasant - today's viruses may be the templates for programs that could take control of your computer and use it for terrorist attacks on critical infrastructure - air traffic control, power grids, defence systems. When the electricity grid went down across several American states and parts of Canada, many computer experts thought at first it might be cyberterrorism. Thankfully, it wasn't - this time.

But the damage inflicted by a worm like SoBig - which has been released in six versions already, SoBig.A to SoBig.F, the last being the nastiest - is crippling enough. Across the State, entire companies ground to a halt as SoBig flooded networks with emails and in some cases took over computers and forced them to send out thousands more emails, each carrying a copy of SoBig.

Others had protected systems that could handle the onslaught, but the volume of infected email corralled by company systems administrators (the front line of human defence for company networks) is staggering. Baltimore Technologies reports that it had trapped 10,000 rogue emails on the first night of SoBig's rampage. New World IQ, another technology company, was getting 15,000 emails a day, while one Irish university is still filtering out 8,000 emails daily, several days after SoBig's initial run.

"With the growth in use of information technology and access to the Internet, problems are affecting systems more than ever before," says Donal Cunningham, head of the Systems Administrators Guild, Ireland (SAGE-IE).

He also notes that as more people get always-on, broadband connections to the Internet, hackers will have an even easier means of spreading viruses and worms. An always-on connection means that a computer is theoretically hackable around the clock.

Hackers routinely send out probes to scan for vulnerable PCs that are on the Internet. What they're looking for, says Cunningham, are unprotected or poorly-protected "ports" - the little electronic doors a computer uses to send and receive information over the Internet. A program listening on an open port can have a flaw that lets a hacker send in a virus or worm and then actually take control of that PC any time it is online, in most cases without the user ever noticing; Blaster spread exactly this way, through a hole in a Windows service. Such PCs are then known as "zombies" - slave PCs that will do a hacker's bidding. Hackers might use the space on the PC's hard drive to secretly store files. Or - as with SoBig, which arrived as an email attachment rather than through an open port but ended up with the same control over the machine - the PC can be used as a transmission station, sending out millions of emails, each one containing a copy of SoBig to infect another PC.
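The probing described above shows up on the receiving end as a run of dropped connection attempts from one address against many ports. The script below is an added illustration, not code from the article or from SAGE-IE: it reads constructed, simplified iptables-style "DROP" log lines (hostname, addresses and timestamps are made up; the field names match what a Linux packet filter writes to syslog when a LOG rule with the prefix "DROP: " fires) and separates a port sweep, where one source tries many ports in a short window, from worm-style hammering, where one source keeps hitting a single port. Thresholds and window size are assumptions for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one host sweeping six ports in a few seconds, one host
# hammering port 445 four times (the pattern a worm probing for a file-sharing
# flaw leaves), and one host making two ordinary web connection attempts.
SAMPLE_LOG = """\
Aug 24 02:10:01 gw kernel: DROP: IN=ppp0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=4412 DPT=135 SYN
Aug 24 02:10:01 gw kernel: DROP: IN=ppp0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=4413 DPT=139 SYN
Aug 24 02:10:02 gw kernel: DROP: IN=ppp0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=4414 DPT=445 SYN
Aug 24 02:10:02 gw kernel: DROP: IN=ppp0 OUT= SRC=192.0.2.55 DST=198.51.100.2 PROTO=TCP SPT=1031 DPT=445 SYN
Aug 24 02:10:03 gw kernel: DROP: IN=ppp0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=4415 DPT=1025 SYN
Aug 24 02:10:04 gw kernel: DROP: IN=ppp0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=4416 DPT=3389 SYN
Aug 24 02:10:05 gw kernel: DROP: IN=ppp0 OUT= SRC=192.0.2.55 DST=198.51.100.2 PROTO=TCP SPT=1032 DPT=445 SYN
Aug 24 02:10:07 gw kernel: DROP: IN=ppp0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=4417 DPT=5000 SYN
Aug 24 02:10:09 gw kernel: DROP: IN=ppp0 OUT= SRC=192.0.2.55 DST=198.51.100.2 PROTO=TCP SPT=1033 DPT=445 SYN
Aug 24 02:10:15 gw kernel: DROP: IN=ppp0 OUT= SRC=192.0.2.55 DST=198.51.100.2 PROTO=TCP SPT=1034 DPT=445 SYN
Aug 24 02:11:40 gw kernel: DROP: IN=ppp0 OUT= SRC=198.18.0.9 DST=198.51.100.2 PROTO=TCP SPT=51000 DPT=80 SYN
Aug 24 02:11:41 gw kernel: DROP: IN=ppp0 OUT= SRC=198.18.0.9 DST=198.51.100.2 PROTO=TCP SPT=51001 DPT=443 SYN
"""

# Pull the syslog timestamp, source address, protocol and destination port
# out of a DROP line; anything that does not match is ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: DROP: .*?"
    r"SRC=(?P<src>[\d.]+) .*?PROTO=(?P<proto>\w+) .*?DPT=(?P<dport>\d+)"
)


def parse_drops(log_text):
    """Yield (timestamp, src, proto, dport) for every DROP line in log_text."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; the default (1900) is fine for deltas.
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
        yield ts, m["src"], m["proto"], int(m["dport"])


def detect_port_sweeps(log_text, window=timedelta(seconds=60), min_ports=5):
    """Return {src: sorted ports} for sources hitting >= min_ports distinct ports inside one window."""
    events = defaultdict(list)
    for ts, src, _proto, dport in parse_drops(log_text):
        events[src].append((ts, dport))
    sweeps = {}
    for src, evs in events.items():
        evs.sort()
        # Slide a window forward from each event; the first window that holds
        # enough distinct ports is sufficient to flag the source.
        for i, (t0, _) in enumerate(evs):
            ports = {p for t, p in evs[i:] if t - t0 <= window}
            if len(ports) >= min_ports:
                sweeps[src] = sorted(ports)
                break
    return sweeps


def detect_single_port_hammering(log_text, min_hits=3):
    """Return {src: (dport, hits)} for sources that only ever target one port, repeatedly."""
    counts = defaultdict(lambda: defaultdict(int))
    for _ts, src, _proto, dport in parse_drops(log_text):
        counts[src][dport] += 1
    result = {}
    for src, per_port in counts.items():
        dport, hits = max(per_port.items(), key=lambda kv: kv[1])
        if hits >= min_hits and len(per_port) == 1:
            result[src] = (dport, hits)
    return result


if __name__ == "__main__":
    for src, ports in detect_port_sweeps(SAMPLE_LOG).items():
        print(f"port sweep from {src}: {ports}")
    for src, (dport, hits) in detect_single_port_hammering(SAMPLE_LOG).items():
        print(f"worm-style probing from {src}: port {dport} hit {hits} times")
```

On a real gateway the same two functions would be run over the kernel log rather than the embedded sample; the distinction between a sweep and single-port hammering matters because the second pattern, many different sources all hitting the one port a worm exploits, is usually the first sign that a new worm is loose.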

The way in which SoBig works makes many in the computer security industry suspicious that the program is the work of someone who wants to use others' PCs to unwittingly send out "spam", or junk email. Spammers are under fire from lawmakers and Internet service providers, and their ability to send out junk emails for herbal Viagra, mortgages and dicey investment opportunities is under threat. A secret spam relay method would be something many spammers would pay well for.

But a spam network seems the least of our worries, if you consider that many security experts think this type of virus, which replicates quickly and can invade and then subversively take control of PCs, could be used for truly frightening purposes. For this reason, the US Department of Homeland Security elected to put over $3.5 billion into a fund to improve American government IT infrastructure and IT security this year. The department recently launched the National Cyber Security Division, a 60-person unit responsible for posting computer security alerts.

Does all of this mean a retreat to quill and pen? Of course not, says Williams. Companies and individuals need to make sure they have adequate protection in place both for their networks as a whole (if they have one) and for individual PCs. That means up-to-date anti-virus software - ideally with automatic updating turned on, so that the program regularly checks for new virus definitions whenever the computer is online.

Companies, as well as home computer users with always-on Internet connections, also need a "firewall", a kind of network prophylactic that forms a protective barrier between the traffic out "in the wild" on the Internet and a home or business network, blocking unsolicited connections to ports that have no business being reachable from outside. Cunningham notes that people also need to be sure that their operating system software is up to date and has the latest patches for any vulnerable places that could be reached by viruses or worms.

Even with all the right stuff in all the right places, systems administrators know the next assault is just around the corner.