Virus toolkits are s'kiddie menace

Industry split on best defence

Much has been made of the developer's decision to pull the toolkit behind the Anna Kournikova virus, but anti-virus experts have warned that many such toolkits are readily available and just as easy for would-be vandals to use.

Last week the creator of [K]Alamar's Vbs Worms Creator, the toolkit used to create the Kournikova virus, pulled it from virus-creation Web sites, reportedly after pressure from friends appalled at the harm inflicted by Anna.

But there are many more toolkits capable of generating malicious code.

Anti-virus firms reckon that most viruses are developed using widely available toolkits. But there is widespread disagreement about (a) the number of toolkits available to the public, and (b) the best approach to dealing with the potential threat.

According to Jack Clark, European product manager at Network Associates, there are perhaps 100 virus creation toolkits, though some are not particularly popular and so fail to grab the attention of anti-virus vendors.

Virus creation toolkits first came to prominence with the emergence of macro viruses, and now toolkits to produce worms, boot sector viruses and file viruses are all within easy reach, Clark says.

"The Anna Kournikova virus was the first time a virus created from a toolkit has spread so rapidly, but there will be more," he predicts. While awareness of security issues has been raised by the publicity surrounding the Anna bug, 'script kiddies' may be encouraged to experiment with virus writing, he says.

Neil Barrett, technical director at Information Risk Management, confirms that no particular skill is needed to use virus-creation toolkits.

"It's trivial to use these toolkits. If you can use a point and click Windows-style interface and drive a web browser then it's simplicity itself to produce some surprisingly sophisticated viruses," he says.

IRM uses virus toolkits to create Trojans, which are then used to check the security of its clients' networks.

The toolkits may have some legitimate uses, but in the vast majority of cases they are used to create malicious code. The anti-virus industry is split on the right approach to take in defending against the problem.

Network Associates' Clark says the right approach is to include generic detection within anti-virus software, so that any virus produced with a particular toolkit is automatically detected. Without generic detection, he argues, users of products from rival vendors such as Sophos have to update their protection each time a new variant of a virus comes out.

According to Graham Cluley, senior technology consultant for Sophos, the inclusion of generic detection in anti-virus software can trigger false alarms; for this reason Sophos prefers to temper its use of generic detection, or heuristics, in its products.

The more important lesson to learn from virus outbreaks such as the Anna Kournikova virus and the Love Bug is that firms should consider blocking Visual Basic Scripting (VBS) attachments and files with double extensions, both tricks used in the Anna bug, Cluley advises.
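The attachment policy Cluley describes is simple enough to show as code. The following is an added example, not code from the article or from Sophos: a filename check of the kind a mail gateway could apply, flagging VBS script attachments and double extensions such as a .jpg name that really ends in .vbs. The extension lists beyond .vbs, the whitespace-collapsing step and the sample filenames are assumptions and constructed data, not details taken from the article.

```python
import re
from dataclasses import dataclass

# Extensions the Windows Scripting Host executes directly. Only .vbs is named
# in the article; the others are assumed additions for a realistic policy.
SCRIPT_EXTENSIONS = {"vbs", "vbe", "js", "jse", "wsf", "wsh"}
# Directly executable types that a double extension typically hides (assumed).
EXECUTABLE_EXTENSIONS = SCRIPT_EXTENSIONS | {"exe", "scr", "pif", "com", "bat", "cmd"}


@dataclass(frozen=True)
class Verdict:
    filename: str
    blocked: bool
    reason: str


def extensions(filename: str) -> list:
    """Return the lower-cased extension chain of a filename.

    'photo.JPG.vbs' -> ['jpg', 'vbs']. Whitespace is collapsed first so that
    padding such as 'photo.jpg          .vbs' cannot push the real extension
    out of view (a defensive normalisation assumed here, not from the article).
    """
    name = re.sub(r"\s+", "", filename.lower())
    parts = [p for p in name.split(".") if p]
    return parts[1:] if len(parts) > 1 else []


def check_attachment(filename: str) -> Verdict:
    """Apply the two rules the article reports: block VBS attachments and
    block double extensions whose outer extension is executable."""
    exts = extensions(filename)
    if not exts:
        return Verdict(filename, False, "no extension")
    outer = exts[-1]
    if len(exts) >= 2 and outer in EXECUTABLE_EXTENSIONS:
        return Verdict(filename, True,
                       f"double extension .{exts[-2]}.{outer} hides an executable")
    if outer in SCRIPT_EXTENSIONS:
        return Verdict(filename, True, f"script attachment .{outer}")
    return Verdict(filename, False, "allowed")


def filter_attachments(filenames):
    """Apply the policy to a batch and return (allowed, blocked) verdict lists."""
    verdicts = [check_attachment(f) for f in filenames]
    return ([v for v in verdicts if not v.blocked],
            [v for v in verdicts if v.blocked])


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from any real mailbox.
    sample = [
        "AnnaKournikova.jpg.vbs",
        "holiday photo.JPG",
        "budget.final.xls",
        "notes.txt          .vbs",
        "readme.vbs",
    ]
    for v in (check_attachment(f) for f in sample):
        print(f"{'BLOCK' if v.blocked else 'allow':5} {v.filename!r}: {v.reason}")
```

Note that the double-extension rule only fires when the outer extension is executable, so a legitimately named file such as budget.final.xls passes. That restriction is the point of contention in the article: a looser rule catches more but raises the false alarms Cluley warns about.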

So toolkits are a problem; why then can't security firms exert pressure on ISPs to stop hosting them, in the same way they pull sites containing offensive porn?

Or maybe security firms are secretly happy to let virus creation flourish - after all, these outbreaks keep anti-virus firms in the spotlight and help them sell their software to frightened punters.

NAI's Clark denies this, saying it lacks the clout to exert pressure on ISPs to pull virus toolkits; besides, toolkits could be easily spread in newsgroups.

"We're not the Mafia and we don't have the ability to get ISPs to pull virus creation kits from Web sites," Clark says. "It's not as if we can tell them if they don't act they'll wake up with the head of a Trojan horse in their bed." ®

External links

"Confession" by Anna bug author

Related stories

Anna Kournikova bug drops harmlessly onto the Net
Anna Kournikova virus spreading like wildfire
Users haven't learned any lessons from the Love Bug
Which country has the most virus infected PCs?
PC World virus scans offer no real protection
Anna-bug author OnTheFly 'fesses up
