Virus toolkits are s'kiddie menace

Industry split on best defence

Much has been made of the developer's decision to pull the toolkit behind the Anna Kournikova virus - but anti-virus experts have warned that many such toolkits are readily available and just as easy for would-be vandals to use.

Last week the creator of [K]Alamar's Vbs Worms Creator, used to create the Kournikova virus, pulled the toolkit from virus-creation Web sites, reportedly after pressure from friends appalled at the harm inflicted by Anna.

But there are many more toolkits capable of generating malicious code.

Anti-virus firms reckon that most viruses are developed using widely available toolkits. But there is widespread disagreement about (a) the number of toolkits available to the public, and (b) the best approach to deal with the potential threat.

According to Jack Clark, European product manager at Network Associates, there are perhaps 100 virus creation toolkits, though some are not particularly popular and so fail to grab the attention of anti-virus vendors.

Virus creation toolkits first came to prominence with the emergence of macro-viruses; and now toolkits to produce worms, boot sector and file viruses are all within easy reach, Clark says.

"The Anna Kournikova virus was the first time a virus created from a toolkit has spread so rapidly but there will be more," he predicts. While awareness of security issues has been raised by the publicity surrounding the Anna bug, 'script kiddies' may be encouraged to experiment with virus writing, he says.

Neil Barrett, technical director at Information Risk Management, confirms that no particular skill is needed to use virus-creation toolkits.

"It's trivial to use these toolkits. If you can use a point and click Windows-style interface and drive a web browser then it's simplicity itself to produce some surprisingly sophisticated viruses," he says.

IRM uses virus toolkits to create Trojans which are then used to check the security of its clients' networks.

The toolkits may have some legitimate uses, but in the vast majority of cases they are used to create malicious code, and the antivirus industry is split on the right approach to take in defending against the problem.

Network Associates' Clark says the right approach is to include generic detection within anti-virus software, so that any virus produced with a particular toolkit will be automatically detected. Lack of generic detection means users of products from, for example, rival Sophos, have to update their protection each time a new variant of a virus comes out.

According to Graham Cluley, senior technology consultant for Sophos, the inclusion of generic detection in antivirus software can trigger false alarms; for this reason Sophos prefers to temper its use of generic detection, or heuristics, in its products.

The more important lesson to learn from virus outbreaks such as the Anna Kournikova virus and the Love Bug is that firms should consider blocking Visual Basic scripting and files with double extensions, both tricks used in the Anna bug, Cluley advises.
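The two defensive positions set out above, NAI's generic detection of everything a kit produces against Sophos's worry about false alarms, and Cluley's advice to block scripting and double-extension attachments at the gateway, are illustrated in the Python below. This is an added example, not code from The Register, Network Associates or Sophos. The kit name "DemoKit", its banner, the sample scripts, the write-up and the attachment filenames are all constructed for the illustration; the extension lists are one plausible gateway policy, not any vendor's.

```python
import hashlib
import re

# --- 1. Variant-specific (hash) detection vs generic (toolkit) detection ----

# Constructed stand-ins for what a point-and-click kit emits: every variant
# shares the generator's boilerplate and differs only in what the user typed.
# "DemoKit" and the banner are made up; this is not real worm code.
TOOLKIT_SKELETON = (
    "' --- generated by DemoKit v1 ---\n"
    "Set fso = CreateObject(\"Scripting.FileSystemObject\")\n"
)
VARIANT_A = TOOLKIT_SKELETON + "subject = \"Here you have\"\n"
VARIANT_B = TOOLKIT_SKELETON + "subject = \"Check this out\"\n"
BENIGN_ADMIN_SCRIPT = (
    "Set fso = CreateObject(\"Scripting.FileSystemObject\")\n"
    "fso.CreateFolder \"C:\\backup\"\n"
)
# A harmless document that merely quotes the banner: a generic rule fires on
# it, which is exactly the false-alarm cost Cluley describes.
BENIGN_WRITEUP = "Samples from this kit all start with '--- generated by DemoKit v1 ---'.\n"

# Hypothetical generic rule: match the generator's banner, whatever the version.
GENERIC_RULE = re.compile(r"---\s*generated by DemoKit v\d+\s*---")


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


# Signature database seeded from the one sample a vendor captured (variant A).
HASH_SIGNATURES = {sha256_hex(VARIANT_A)}


def detect_by_hash(sample: str) -> bool:
    """Exact-match detection: needs a fresh update for every new variant."""
    return sha256_hex(sample) in HASH_SIGNATURES


def detect_by_generic(sample: str) -> bool:
    """Generic detection: catches every output of the kit, and look-alikes."""
    return GENERIC_RULE.search(sample) is not None


# --- 2. Gateway hygiene: refuse script and double-extension attachments ------

# Extensions the Windows Script Host or the shell will run when opened.
EXECUTABLE_EXTENSIONS = {
    "vbs", "vbe", "js", "jse", "wsf", "wsh", "hta",
    "exe", "com", "scr", "pif", "bat", "cmd",
}
# Harmless-looking extensions placed before the real one, so that a client
# which hides known extensions shows "photo.jpg" for "photo.jpg.vbs".
DECOY_EXTENSIONS = {"jpg", "jpeg", "gif", "png", "txt", "doc", "xls", "pdf", "mp3"}


def attachment_verdict(filename: str) -> str:
    """Return 'allow', 'block:double-extension' or 'block:script-extension'."""
    name = filename.strip().lower()
    # Fold runs of spaces before a dot ("photo.jpg      .vbs"), padding used
    # to push the real extension out of view in a narrow attachment column.
    name = re.sub(r"\s+\.", ".", name)
    parts = name.split(".")
    # A decoy extension followed by anything that is not itself a decoy
    # (script, executable or unknown) is the Anna-style double extension.
    if len(parts) >= 3 and parts[-2] in DECOY_EXTENSIONS and parts[-1] not in DECOY_EXTENSIONS:
        return "block:double-extension"
    if len(parts) >= 2 and parts[-1] in EXECUTABLE_EXTENSIONS:
        return "block:script-extension"
    return "allow"


if __name__ == "__main__":
    for label, sample in [("variant A", VARIANT_A), ("variant B", VARIANT_B),
                          ("admin script", BENIGN_ADMIN_SCRIPT), ("write-up", BENIGN_WRITEUP)]:
        print(f"{label:12} hash={detect_by_hash(sample)!s:5} generic={detect_by_generic(sample)}")
    for fn in ["holiday.jpg.vbs", "notes.vbs", "holiday.jpg", "report.final.pdf", "photo.jpg   .exe"]:
        print(f"{fn!r:22} -> {attachment_verdict(fn)}")
```

Run stand-alone, the first loop shows the trade-off in one screen: the hash rule catches only the sample it was built from, the generic rule catches both variants but also the innocent write-up. The second loop shows the gateway rule blocking the decoy-plus-script pattern while letting ordinary dotted names such as `report.final.pdf` through.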

So toolkits are a problem. Why, then, can't security firms exert pressure on ISPs to stop hosting them, in the same way they pull sites containing offensive porn?

Or maybe security firms are secretly happy to let virus creation flourish - after all, these outbreaks keep anti-virus firms in the spotlight and help them sell their software to frightened punters.

NAI's Clark denies this, saying it lacks the clout to exert pressure on ISPs to pull virus toolkits; besides, toolkits could be easily spread in newsgroups.

"We're not the Mafia and we don't have the ability to get ISPs to pull virus creation kits from Web sites," Clark says. "It's not as if we can tell them if they don't act they'll wake up with the head of a Trojan horse in their bed." ®

External links

"Confession" by Anna bug author

Related stories

Anna Kournikova bug drops harmlessly onto the Net
Anna Kournikova virus spreading like wildfire
Users haven't learned any lessons from the Love Bug
Which country has the most virus infected PCs?
PC World virus scans offer no real protection
Anna-bug author OnTheFly 'fesses up