Sept. 9, 2005- I noticed something as I was surfing through my favorite security sites, looking for any new threats on the horizon: a pattern of total domination by two worms over all other cyber menaces. During the past few months, Netsky and MyTob have taken control of many computer systems, surpassing only each other in the number of systems infected, with no relief for end-users in the future.
The Netsky worm should sound familiar from my previous security newsletters. Netsky infects via email and searches your drives for email addresses to send itself. Netsky also looks through PCs’ drives for shared folders where it can replicate itself to infect other systems. The only competition for most prevalent online threat is the MyTob worm.
This mass-mailing worm has given unpatched corporate systems administrators no end of grief. (You should have patched your systems. Come on, you professionals). MyTob shuts down your anti-virus protection, allows remote access to your system, and mass emails itself to everybody in your address book, posing as you. Phew! It’s a lot of work being malicious code, but MyTob didn’t get to the top by being lazy. The bad news is that there are over one hundred different variants of MyTob, including Zotob, the worm that infected CNN, ABC and the New York Times last month.
There is a shimmer of hope. The two individuals arrested on Aug 29, 2005 for allegedly unleashing the Zotob worm may also be the creators of MyTob. The online signature “Diabl0”, used by Farid Essebar, was found in the core code of both Zotob and Mytob. The good news is that there are two fewer people out there with the capability to create this type of horribly destructive, fast-moving worm. The bad news is that the arrest won’t stop MyTob dead in its tracks, nor will infected systems become uninfected. There are so many variants and offshoots that these security threats will be around for quite some time.
The chart below illustrates the percentage of infections over the past few months. The main threats are obvious:
I told you it was obvious. The good news is (I know, I sound like a broken record), if you stick to the fundamentals of internet security, then you should be fine. The fundamentals are:
1. Stay up-to-date on anti-virus/spyware, Microsoft products, and any other security applications you may have on your system.
2. Don’t open email attachments without scanning them first, and don’t open attachments if you don’t recognize the sender.
3. Make sure your firewall is up and running. Check your access logs.
4. And probably the most important fundamental of all, don’t miss any of Chad’s informative security articles!
Stay safe out there,
~ Chad Stelnicki