Xine - issue #5 - Phile 006
------------------------------------------------------------------------
Asmodeus takes a look into the crystal ball
------------------------------------------------------------------------
Asmodeus iKX (c) 2000, ikx ezine xine#5 article # 001
Recently we have seen a drastic change in virus coding and it will happen
again. Almost every third virus released today has the ability to
propagate over email. Also the number of polymorphic viruses has increased.
So what is the reason for this? The answer is pretty simple: as cutting-edge
virus technology gets old it becomes somewhat of a standard. This is
due to the fact that there is a lot of information about the topic.
Polymorphic engines are not very difficult to code (depends on complexity)
and there are a lot of good articles/tutorials out there describing the
subject. This is not specific to viruses; it can be applied in all areas of
research. Today all decent AV programs have the option to download updates
from the internet and contain a more or less good emulation/heuristic engine.
But what exactly can we expect from the future? The answer is MUCH! As the
world gets more and more globally connected with more powerful communication
devices, the perfect spawning pool for viruses is created. The era of
airborne viruses is here: the viruses that self-propagate over networks.
I wrote an article a long time ago about network-aware viruses (titled
Internet-aware viruses :) ), and my predictions came true: just some
months after the release of the article Melissa was released and the rest
is history (hehe yet another corny line :)). Well you know what I mean, how
many new worms/viruses out there don't use MAPI spread functions?
The average computer user is stupid and ignorant when it comes
to security and viruses, but sooner or later they will come to the conclusion
that maybe they shouldn't open that attachment called README_____TXT.exe
in their mailbox. This is when the use of buffer overflows will take place.
Recently a buffer overflow was found in Microsoft's Outlook products. At
the time this article was written it had not yet been exploited, but it is
just a matter of time. But a security hole can be patched, so viruses
exploiting the hole could cause explosive outbreaks, but they will be
short-lived. Also insecure ActiveX controls and script bugs will be used to
automate the spread over email. The user no longer needs to download/run
the attachment; just logging in to the mailbox will be sufficient to get
infected. In some cases you might have to preview or read the email, but
the attachment obstacle has been surpassed.