Cyber Security Institute

Thursday, April 21, 2005

Worm Lull, Windows XP SP2 Keeping Outbreaks At Bay

E-mailed worms pose less of a threat and Microsoft has been lucky so far, said a virus researcher Friday in explaining why 2005 has been relatively quiet on the security front.

“2004 was distinguished by a number of major epidemics caused by e-mail worms such as MyDoom, NetSky, Bagle, and Zafi,” said Alexander Gostev, a senior analyst with Moscow-based Kaspersky Labs, in a report he authored on the security situation for the first quarter of the year.  “However, late 2004 and early 2005 were free of such outbreaks, with nothing on the scale of even the mid-sized outbreaks of 2004,” Gostev added.

The decline in destructive power of e-mailed worms may be due to anti-virus vendors developing new technologies to address them, including detecting worms in compressed .zip files and pre-scanning messages with executable attachments, but he also gave credit to Microsoft for patching several Outlook and Outlook Express vulnerabilities.

“The increased media focus on malicious code and security issues has resulted in end users being noticeably more cautious about opening e-mail attachments, especially those from unknown sources,” he noted. “They’ve been effectively displaced by network worms incorporating Trojan components,” he said.

Even though Microsoft has released a record number of patches in the first four months of 2005, “no new vulnerabilities as serious as the LSASS or RPC DCOM vulnerabilities have been detected in Windows so far this year,” said Gostev in his report.

Mass-mailed worms and vulnerabilities may be down, but phishing—as almost everyone knows—is on a rocket ride, and spyware is the security buzzword of the year so far.  “Several billion dollars are currently invested in virtual worlds and role-playing games, a sum equivalent to the budget of a small country.  Naturally, [that] hasn’t escaped the attention of cyber criminals.

http://www.techweb.com/wire/security/161501182