Personal Tech Pipeline | Worm Lull, Windows XP SP2 Keeping Outbreaks At Bay

White Papers

Sponsor Resources

Free Newsletter GlossaryContact UsAbout Us
Players & CamsPhones & PDAsHome & AutoOnline

April 22, 2005

Worm Lull, Windows XP SP2 Keeping Outbreaks At Bay

Courtesy of TechWeb News

E-mailed worms pose less of a threat and Microsoft has been lucky so far, said a virus researcher Friday in explaining why 2005 has been relatively quiet on the security front.

"2004 was distinguished by a number of major epidemics caused by e-mail worms such as MyDoom, NetSky, Bagle, and Zafi," said Alexander Gostev, a senior analyst with Moscow-based Kaspersky Labs, in a report he authored on the security situation for the first quarter of the year.

"However, late 2004 and early 2005 were free of such outbreaks, with nothing on the scale of even the mid-sized outbreaks of 2004," Gostev added.

The decline in destructive power of e-mailed worms may be due to anti-virus vendors developing new technologies to address them, including detecting worms in compressed .zip files and pre-scanning messages with executable attachments, but he also gave credit to Microsoft for patching several Outlook and Outlook Express vulnerabilities. He even tipped his hat at the press for banging the security drum.

"The increased media focus on malicious code and security issues has resulted in end users being noticeably more cautious about opening e-mail attachments, especially those from unknown sources," he noted.

But while Gostev predicted that worms arriving as e-mailed attachments have seen their glory days, he warned that malicious code cutters haven't stopped, only moved on to more fertile ground. "They've been effectively displaced by network worms incorporating Trojan components," he said.

Another factor playing to everyone's benefit -- except hackers and attackers -- is a dearth of ¼ber-serious vulnerabilities in Windows.

Even though Microsoft has released a record number of patches in the first four months of 2005, "no new vulnerabilities as serious as the LSASS or RPC DCOM vulnerabilities have been detected in Windows so far this year," said Gostev in his report.

The most recent vulnerability that could have posed a serious threat was the WINS server bug detected in November 2004. "Microsoft issued a patch immediately, and there have been no significant cases of malware exploiting this vulnerability," said Gostev.

"The fact that older versions of Windows do not have critical vulnerabilities, and the encouraging trend of more and more Windows XP users installing Service Pack 2 gives hope for the future," he added.

"It seems that a more secure Windows environment is one of the main reasons for the relative quiet during the first quarter of this year."

Mass-mailed worms and vulnerabilities may be down, but phishing -- as almost everyone knows -- is on a rocket ride, and spyware is the security buzzword of the year so far.

Yet another area, however, that draws cyber-crooks like honey does flies, gets little attention, said Gostev: online, multi-player games.

"Several billion dollars are currently invested in virtual worlds and role-playing games, a sum equivalent to the budget of a small country. Naturally, [that] hasn't escaped the attention of cyber criminals. Some of the larger games, in fact, have been the target for literally hundreds of malicious Trojans designed to steal account information.

"It's more than likely that malicious code designed to steal [online game[information will continue to evolve rapidly," he concluded.

E-mail This Story
Print This Story
Reprint This Story

Get the latest Personal Tech news, product info, and trends every week.

Related Content

  Right-click and choose Copy to extract RSS Feed URL  Personal Tech Pipeline's Main RSS Feed
  Right-click and choose Copy to extract RSS Feed URL  Personal Tech Pipeline's Blog RSS Feed

Keeping Up To Date On Enterprise Server Tech?
Review our compilation of columns on server security, database software, and Linux issues.
How to Achieve High Performance Through IT
Learn to achieve high performance by aligning IT to
strategic objectives and solutions to unlock that value.
Using Current Performance to Shape
Future Results

Hear new strategies for improving business
performance and results.

Editor's Picks

Well, Microsoft has "unfolded" its "Origami" ultra-mobile PC platform Thursday. It turned out to be a full-featured PC smaller than a tablet but bigger than a PDA. Are you impressed?
Yes! I want one!
Sort of. We'll see.
No! It's too big for a pocket and too small for real computing. What's the point?

In search of personal tech products? See our new Product Finder, where you'll find personal computing devices, communications solutions, security products, and more.

On the CIO Agenda with IBM
With business growth back on the agenda, the role of the CIO is changing from manager of technology to C-suite collaborator in enabling innovation that matters for the business. Read an executive summary and register to download the full IBM paper.

Symantec Backup Solutions
Desktop to Data Center Protection. Explore the Official Symantec Site.

Block or Secure IM Use
IM threats up 250%. Protect your corporate network. Free Download.

Secure & Easy Console Management with Digi CM
The Digi CM console server provides secure, intelligent & easy access to network devices with a serial console port. With Digi CM, you can securely monitor & control servers, routers, switches & other devices even when your network is down.

Understand the financial impact of open source.
Will open source pay off? Open source is becoming standard within enterprises, often because of cost savings. Find out how much of a financial impact it can have on your organization. Get this methodology and calculator now, compliments of JBoss. Go!

Buy a Link Now

Top ten search terms from the TechWeb TechEncyclopedia
Stellent eSeminar "Approaches to Metadata Design" on March 23
Mobilized Solutions Guide: Find and compare solutions for your business
Top Requested White Paper Categories from TechWeb White paper Library
Top ten search terms from the TechWeb TechEncyclopedia