Worms

by Brent Kirkpatrick

(Date Published: .)



Automated exploits that self-propagate around the Internet.



Since 2014, Intrepid Net Computing has observed about half a dozen worms. Most of them have gone uncaptured, uncharacterized, and undescribed.

Our industry has only barely kept pace with security by fixing known vulnerabilities, rather than by addressing the unknown vulnerabilities that hackers are actually exploiting. When computer security experts capture worms in the wild and isolate their machine code, the vulnerabilities actually being exploited can be identified and addressed. Because our industry fixes known vulnerabilities but does not capture worms in the wild, computers can be re-infected with the same worms or with a simple variant of them.

Many of these worms infect multiple operating systems and can compromise large swaths of the Internet. They often install back-doors on computers, and hackers then use a command-and-control interface to become your remote administrator. Financial, identity, and health data can be used by hackers to defraud you and to pay for their hacking.

If you are a consumer who uses mobile computing, then as your device migrates from WiFi network to WiFi network, it can quickly be infected by the routers it connects to. Routers are a favorite infection vector for many worms.

Operating systems such as Apple iOS and OS X appear to clean up worms by pushing clean binaries to your device. There are two problems with this approach. First, you can be re-infected, since the vulnerability that allowed transmission of the worm was not fixed. Second, if the Internet infrastructure is sufficiently compromised, your device may never receive the clean binary.

The only sure-fire way to stop a worm is to patch the vulnerabilities that allow its transmission from computer to computer. These patches must then be delivered to machines that are at risk of infection.

Some computers have become so badly hacked that they cannot be updated with patches. This can happen when the DNS infrastructure is sufficiently compromised that update URLs are redirected, or the patches themselves are replaced with exploits. If your computer operates in such a hostile network, you need to be especially vigilant about security.
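The defense against the failure mode just described (update URLs redirected by compromised DNS, patches swapped for exploits) is for the updater to trust a signature from a pinned vendor key rather than the server that DNS happened to point it to. The following is an added Go example written for this page; it is not code from Intrepid Net Computing or from any vendor's updater. It assumes the vendor signs each release with an Ed25519 key whose public half is pinned on the device, and that each release carries a monotonically increasing sequence number so that an older, still-vulnerable release cannot be replayed. The keypair is generated in-process purely to stand in for the vendor, and the patch bytes are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// UpdatePackage is what the updater downloads. The Signature covers the
// sequence number and a hash of the payload, so neither can be swapped
// without the vendor's private key, whichever server DNS led the device to.
type UpdatePackage struct {
	Seq       uint64 // monotonically increasing release number (assumed scheme)
	Payload   []byte // the patch itself
	Signature []byte // Ed25519 signature over signedMessage(Seq, Payload)
}

var (
	ErrBadSignature = errors.New("update signature invalid: refusing to install")
	ErrRollback     = errors.New("update is not newer than installed release: refusing to install")
)

// NewVendorKeys stands in for the vendor's signing key. In a real updater
// only the public key ships on the device (pinned) and the private key never
// leaves the vendor; here the pair is generated in-process for the demo.
func NewVendorKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// signedMessage binds the release number to the payload hash.
func signedMessage(seq uint64, payload []byte) []byte {
	msg := make([]byte, 8, 8+sha256.Size)
	binary.BigEndian.PutUint64(msg, seq)
	sum := sha256.Sum256(payload)
	return append(msg, sum[:]...)
}

// SignUpdate is the vendor side: produce a signed package for release seq.
func SignUpdate(priv ed25519.PrivateKey, seq uint64, payload []byte) UpdatePackage {
	return UpdatePackage{
		Seq:       seq,
		Payload:   payload,
		Signature: ed25519.Sign(priv, signedMessage(seq, payload)),
	}
}

// VerifyUpdate is the device side: accept only a package signed by the
// pinned key and newer than what is installed. A download redirected to a
// hostile server fails the signature check; a replayed old release fails
// the rollback check.
func VerifyUpdate(pinned ed25519.PublicKey, pkg UpdatePackage, installedSeq uint64) error {
	if !ed25519.Verify(pinned, signedMessage(pkg.Seq, pkg.Payload), pkg.Signature) {
		return ErrBadSignature
	}
	if pkg.Seq <= installedSeq {
		return ErrRollback
	}
	return nil
}

// Demo runs the three cases: genuine update, payload swapped in transit,
// and an already-installed release replayed.
func Demo() (genuineOK, tamperedRejected, replayRejected bool, err error) {
	pub, priv, err := NewVendorKeys()
	if err != nil {
		return false, false, false, err
	}
	installed := uint64(41)
	genuine := SignUpdate(priv, 42, []byte("constructed patch bytes for release 42"))
	genuineOK = VerifyUpdate(pub, genuine, installed) == nil

	tampered := genuine // same Seq and Signature, different payload
	tampered.Payload = []byte("constructed substitute payload")
	tamperedRejected = errors.Is(VerifyUpdate(pub, tampered, installed), ErrBadSignature)

	replayRejected = errors.Is(VerifyUpdate(pub, genuine, 42), ErrRollback)
	return genuineOK, tamperedRejected, replayRejected, nil
}

func main() {
	ok, tam, rep, err := Demo()
	if err != nil {
		fmt.Println("key generation failed:", err)
		return
	}
	fmt.Printf("genuine accepted: %v, tampered rejected: %v, replay rejected: %v\n", ok, tam, rep)
}
```

The signature check is what makes the transport untrusted: a redirected download can deliver any bytes it likes, but none of them verify under the pinned key. The sequence-number check matters for the re-infection problem described above, since an attacker who can only replay genuine but older releases would otherwise be able to push a device back to a version that still carries the exploited vulnerability.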

If you are responsible for an operating system, router software, or a server, you need to inform your customers of every compromise. Otherwise, your company risks steep fines under various computer legislation, such as the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX), the Gramm-Leach-Bliley (GLB) Act, and the Federal Information Security Management Act (FISMA).

bbkirk@intrepidnetcomputing.com

© 2015, 2016, 2017, 2018 Intrepid Net Computing. All rights reserved.