15.2 MMC Exploits

Malicious Mobile Code: Virus Protection for Windows
By Roger A. Grimes
Chapter 15.  The Future


Fortunately, because I have been fighting malicious mobile code since 1987, I have been able to see what it has done in the past and how it has exploited each new technology as it arrived. One thing is guaranteed about malicious mobile code writers: what becomes popular becomes exploited. Here are my thoughts about the future of the various malicious mobile code types.

15.2.1 Malicious Code Popularity Will Increase

Here's the good news: DOS boot and executable viruses will decrease. Windows executable viruses will decrease. That's it. That's the end of the good news. In the short-term future, macro viruses will continue to grow in popularity. Eventually, Microsoft (and third parties) will produce reasonable default security to prevent malicious mobile code exploitation. Trojans, worms, and viruses that attack other platforms will continue to grow.

Remote access Trojans will grow in number and eventually cause a national news event (remember you read it here first). DOS viruses had their day with Michelangelo. Macro viruses had theirs with Melissa. VBScript viruses had theirs with Love Letter. In each case, the public was warned and did little to protect itself. Eventually, a malicious writer makes one small change that makes their rogue program spread around the world. The world reacts, stunned by the act, preventative actions are taken, and the rogue code is forgotten about two weeks later. Only this time, the hackers will have valuable data.

Ditto for Internet browser-based attacks. Almost weekly I read about a bank's web site being compromised, a popular commercial site allowing users' financial information to be stolen, or a hospital's web site allowing unauthorized viewing of medical information. These are only the attacks that get publicized. The majority of break-ins are probably never noticed. The hacker breaks in, looks around, and leaves because he doesn't find anything of interest. Or maybe he drops off a zombie-type Trojan to launch future distributed denial of service attacks. In either case, unless the hacker goes out of his way to be noticed, the malicious code probably won't be.

15.2.2 Hacktivism Will Rise

The world's Minutemen are lining up with denial of service and web-hacking tools. Today, just about every political cause is backed by both street demonstrations and organized online hacking. Most of the time hacktivists, as they are called, just attack web sites supporting opposing views. Other times any exploitable target that can be left scrawled with a political message will do. Denial of service attacks will be launched against a single site from hundreds of domains spread across the Internet. Dozens of web sites will be broken into all at once. Where hackers used to get a thrill from breaking into a single web site, now the challenge is to see how many they can hit at once. The more sites they break into, the better the chance that the media will pick up their story and highlight the cause. Hacktivism is an accepted part of the culture now. The government even resorts to polite requests for hacking restraint during tense political negotiations, and rarely is an online protester arrested.

15.2.3 Increase in Linux Viruses

Linux is still in its infancy, awaiting widespread acceptance. It already has over a hundred malicious mobile code programs (viruses, worms, Trojans, etc.) that replicate and do damage in Linux environments. There is even a virus, Win32.Winux, that is capable of infecting both Windows and Linux executables. This will only increase as Linux gains popularity. Some other Unix variants, such as FreeBSD, come with stronger default security. Unlike the default openness of Windows, Unix flavors usually reserve elevated rights for root accounts and administrators. Linux can only gain by strengthening its default security, and Linux security experts should begin examining the successes and failures of the attempts to prevent malicious mobile code in Wintel environments.

15.2.4 Connectedness Can Be a Weakness

All this new technology and the growing state of connectedness open us up to a whole new slew of malicious mobile code attacks. The Love Letter virus was the first to show how vulnerable our great state of connectedness could make us. It went off, and hours later, because of the new Internet features built into cell phones and pagers, regional telephony outages began to appear. My clients began paging me to request assistance against the latest virus attack. My pager went off about 20 times in 10 minutes. Next, my pager and cell phone began to get dozens of messages sent by the Love Letter virus.

My pager and cell phone, like most models today, allow messages to be sent to them via the Internet. Many people, including my staff and clients, have my pager and cell phone numbers in their Outlook address books. The virus exploited this fact. After another ten minutes the messages stopped coming into my devices, but only because the virus had overwhelmed the paging and cell phone systems for my calling area. I picked up a regular phone line to call my clients back and find out what was going on. It was dead, too. It would be hours before the telephone worked, and nearly all day before my cellular phone service was restored. Newspapers around the world were delivered late that day, as even the newsrooms had been hit.
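The mechanism just described, a worm reading every address in a victim's Outlook contacts and mailing all of them within seconds, leaves a distinctive signature in the mail server's logs: one sender, one subject, dozens of distinct recipients inside a few minutes, some of them at pager or SMS e-mail gateways. The Python script below is an added example, not code from the book. It runs a sliding-window burst detector over constructed log lines in a simplified "timestamp sender recipient subject" format; the gateway domain names (pager.example.net, sms.example.net), the addresses, and the thresholds are all assumptions made for the illustration.

```python
"""Flag mass-mailing bursts in a mail log (added example; the log format,
addresses and gateway domains below are constructed for illustration)."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed pager/SMS e-mail gateway domains (hypothetical names).
GATEWAY_DOMAINS = {"pager.example.net", "sms.example.net"}

# Constructed log: "timestamp sender recipient subject", one message per line.
SAMPLE_LOG = """\
2000-05-04T08:00:01 alice@example.com bob@example.com Budget figures
2000-05-04T08:05:10 alice@example.com carol@example.com Budget figures
2000-05-04T08:30:00 bob@example.com alice@example.com Re: Budget figures
2000-05-04T08:45:00 hr@example.com alice@example.com Benefits enrollment
2000-05-04T08:45:01 hr@example.com bob@example.com Benefits enrollment
2000-05-04T08:45:02 hr@example.com carol@example.com Benefits enrollment
2000-05-04T09:00:00 dave@example.com alice@example.com ILOVEYOU
2000-05-04T09:00:00 dave@example.com bob@example.com ILOVEYOU
2000-05-04T09:00:01 dave@example.com carol@example.com ILOVEYOU
2000-05-04T09:00:01 dave@example.com 5551234567@pager.example.net ILOVEYOU
2000-05-04T09:00:02 dave@example.com erin@example.com ILOVEYOU
2000-05-04T09:00:02 dave@example.com 5559876543@sms.example.net ILOVEYOU
2000-05-04T09:00:03 dave@example.com frank@example.com ILOVEYOU
2000-05-04T09:00:03 dave@example.com grace@example.com ILOVEYOU
2000-05-04T09:00:04 dave@example.com 5550001111@pager.example.net ILOVEYOU
2000-05-04T09:00:04 dave@example.com heidi@example.com ILOVEYOU
2000-05-04T09:00:05 dave@example.com ivan@example.com ILOVEYOU
2000-05-04T09:00:05 dave@example.com 5552223333@sms.example.net ILOVEYOU
2000-05-04T09:00:06 dave@example.com alice@example.com ILOVEYOU
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (.*)$")


def parse_log(text):
    """Return (time, sender, recipient, subject) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        stamp, sender, rcpt, subject = m.groups()
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue
        events.append((when, sender.lower(), rcpt.lower(), subject))
    return events


def is_gateway(address):
    """True if the recipient is at one of the assumed pager/SMS gateway domains."""
    return address.rsplit("@", 1)[-1] in GATEWAY_DOMAINS


def detect_bursts(text, window=timedelta(minutes=5), min_recipients=10):
    """Return one alert per (sender, subject) whose busiest window of
    length `window` holds at least `min_recipients` distinct recipients."""
    groups = defaultdict(list)
    for when, sender, rcpt, subject in parse_log(text):
        groups[(sender, subject)].append((when, rcpt))

    alerts = []
    for (sender, subject), msgs in groups.items():
        msgs.sort()
        in_window = Counter()      # recipient -> messages currently inside the window
        start = 0
        best = None
        for when, rcpt in msgs:
            in_window[rcpt] += 1
            # Slide the window's left edge until it spans at most `window`.
            while when - msgs[start][0] > window:
                old = msgs[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            distinct = len(in_window)
            if distinct >= min_recipients and (best is None or distinct > best["recipients"]):
                best = {
                    "sender": sender,
                    "subject": subject,
                    "recipients": distinct,
                    "gateway_recipients": sum(1 for r in in_window if is_gateway(r)),
                    "first": msgs[start][0],
                    "last": when,
                }
        if best is not None:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE_LOG):
        print("{sender} sent {subject!r} to {recipients} recipients "
              "({gateway_recipients} pager/SMS gateways) between {first} and {last}"
              .format(**alert))
```

On the constructed log the detector reports the single burst from dave@example.com (12 distinct recipients, 4 of them gateway addresses) and ignores the small HR mailing, because the threshold is on distinct recipients per window rather than raw message count. The same grouping by sender and subject is what makes the gateway count useful for triage: a burst whose recipients include pager or SMS gateways is the case this section describes, where the damage spills out of e-mail into the telephone network.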

There will be increasingly wide-ranging repercussions from the Internet's growing pervasiveness. Everything will have the potential to be connected to everything. Will malicious mobile code be able to prevent you from watching television and listening to music? I can't see why not. If malicious code can bring down a computer, it can bring down the converged, Internet-connected media devices in your house. And on that note, the refrigerator can be made to defrost, climate control systems can be turned off, and even your computerized car can be disabled. There will be Luddites who say this could never have happened in the good old days.

What happens when a unified messaging server goes down because of malicious code? Then not only will your email be down, but also your fax, paging, cell phone, answering machine, and virtually any other means of contacting somebody who is not in the same location. Is it worth the risk? Unified messaging vendors will reassure us about security and uptime with service level agreements, but that will mean little when the day comes. During the early 1980s, the nation's telephone infrastructure experienced a similar day-long outage, which resulted in new government regulations, new telephone products, and higher phone costs. The disaster pushed the government to force the telephone industry to address the issues of security and stability. With Voice over IP gaining popularity, it is just a matter of time before malicious code starts disabling PBXs. The government considers the Internet a fundamental infrastructure with similar implied protections. I suspect the Internet will suffer a large collapse due to malicious code, leading to increased government regulation.

The U.S. and Japanese governments are exploring using the Internet, with a new quality of service protocol, for mission-critical access during disasters (called the International Preparedness Scheme). Basically, when a disaster occurs, the government, hospitals, and relief centers can jump on the Internet to conduct mission-critical operations. The Internet is a great tool for this because it routes around most damage points. But what if malicious mobile code can bring down the Internet right in the middle of a disaster? Sure, all computer systems have manual fallback procedures, but once the nation's infrastructure depends on the Internet, malicious mobile code could cause damage far beyond the walls of a personal computer.

15.2.5 Denial of Service Attacks

Most security experts are bracing for massive numbers of denial of service (DoS) attacks, or the even harder to stop distributed denial of service (DDoS) attacks. The world's leading security groups have been meeting (with the White House) about these types of attacks and the threat they pose to our nation's infrastructure. Publicized DoS attacks used to be few and far between; now they are becoming everyday occurrences. The tools that create these attacks are multiplying, and our ability to catch their originators is not. It will take a massive restructuring of the Internet to solve the problem. Even antivirus vendors are readying themselves, when called upon, to detect DoS and DDoS utilities and zombie programs.

15.2.6 Attack of the Killer Copier

The SANS Institute reported (http://www.sans.org/infosecFAQ/copy.htm) on the growing threat of printers and copiers delivered with exploitable TCP/IP services. Today, many digital copiers and printers come with FTP, HTTP, Telnet, and other network services. Most ship with security turned off or protected by weak passwords. In August 2000, four network printers with HP JetDirect™ print server cards were used to launch denial of service attacks. Many web cams come with built-in web and FTP servers, and they too have been used in attacks.

If you are laughing at the idea that your copier may be used to hack your servers, you don't understand the reality: this is happening. In the future, security experts will have to worry not only about computers, but about PDAs, watches, copiers, printers, cars, cell phones, MP3 players, and anything else that can be networked. And there will be no single defense solution.
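One concrete way to find the devices this section warns about is to audit a port scan of the printer network for services beyond the ones a printer needs in order to accept jobs. The Python script below is an added example, not code from the book or from the SANS report. It parses constructed nmap grepable (-oG) output for three hypothetical devices (the addresses, host names and port lists are made up) and flags every open management service (FTP, Telnet, HTTP, SNMP and so on) that is not one of the assumed print-job ports 9100 (raw/JetDirect), 515 (LPD) and 631 (IPP); anything else it does not recognise is reported separately as unexpected.

```python
"""Audit nmap -oG output for printers/copiers exposing management services
(added example; the scan text below is constructed, not a real scan)."""
import re

# Services a networked printer or copier needs in order to accept print jobs.
PRINT_PORTS = {("tcp", 9100), ("tcp", 515), ("tcp", 631)}   # raw/JetDirect, LPD, IPP

# Management services that should be disabled or restricted to an admin network.
MANAGEMENT_PORTS = {
    ("tcp", 21): "ftp", ("tcp", 23): "telnet", ("tcp", 80): "http",
    ("tcp", 443): "https", ("udp", 161): "snmp", ("tcp", 5900): "vnc",
}

# Constructed grepable output for three hypothetical devices.
SAMPLE_SCAN = """\
# Nmap 5.00 scan initiated (constructed sample)
Host: 192.168.1.50 (printer01)\tStatus: Up
Host: 192.168.1.50 (printer01)\tPorts: 21/open/tcp//ftp///, 23/open/tcp//telnet///, 80/open/tcp//http///, 9100/open/tcp//jetdirect///, 161/open/udp//snmp///\tIgnored State: closed (995)
Host: 192.168.1.51 (printer02)\tStatus: Up
Host: 192.168.1.51 (printer02)\tPorts: 22/filtered/tcp//ssh///, 631/open/tcp//ipp///, 9100/open/tcp//jetdirect///\tIgnored State: closed (997)
Host: 192.168.1.52 (copier01)\tStatus: Up
Host: 192.168.1.52 (copier01)\tPorts: 23/open/tcp//telnet///, 515/open/tcp//printer///, 8000/open/tcp//http-alt///\tIgnored State: closed (997)
"""

# A "Ports:" line looks like: Host: <addr> (<name>)<TAB>Ports: <entries>[<TAB>Ignored State: ...]
PORTS_LINE_RE = re.compile(
    r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Ports:\s+(.*?)(?:\tIgnored State:.*)?$")


def parse_grepable(text):
    """Map each host address to its name and its open (proto, port, service) entries."""
    hosts = {}
    for line in text.splitlines():
        m = PORTS_LINE_RE.match(line)
        if not m:          # comments and "Status: Up" lines carry no port data
            continue
        addr, name, ports = m.groups()
        entry = hosts.setdefault(addr, {"name": name, "open": []})
        for item in ports.split(","):
            # Each entry is port/state/proto/owner/service/rpc-info/version/
            fields = item.strip().split("/")
            if len(fields) < 5 or fields[1] != "open":
                continue
            entry["open"].append((fields[2], int(fields[0]), fields[4]))
    return hosts


def audit_printers(text):
    """One finding per host that listens on anything beyond the print-job ports."""
    findings = []
    for addr, info in sorted(parse_grepable(text).items()):
        exposed, unexpected = [], []
        for proto, port, service in info["open"]:
            if (proto, port) in PRINT_PORTS:
                continue
            if (proto, port) in MANAGEMENT_PORTS:
                exposed.append((proto, port, MANAGEMENT_PORTS[(proto, port)]))
            else:
                unexpected.append((proto, port, service))
        if exposed or unexpected:
            findings.append({"host": addr, "name": info["name"],
                             "exposed": exposed, "unexpected": unexpected})
    return findings


if __name__ == "__main__":
    for f in audit_printers(SAMPLE_SCAN):
        print(f"{f['host']} ({f['name']}): management services {f['exposed']}, "
              f"unexpected services {f['unexpected']}")
```

Against the constructed scan, printer01 is reported for FTP, Telnet, HTTP and SNMP, copier01 for Telnet plus an unrecognised listener on 8000/tcp, and printer02, which exposes only IPP and raw printing (its SSH port is filtered, not open), produces no finding. The allow-list approach matters more than the deny-list: a device that opens a service the script has never heard of still shows up, which is the right default for hardware whose firmware nobody on the security team has reviewed.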

Malicious Mobile Code: Virus Protection for Windows (O'Reilly Computer Security), ISBN 156592682X, 2001.
