Virus toolkits are s'kiddie menace

Industry split on best defence

Much has been made of the developer's decision to pull the toolkit behind the Anna Kournikova virus - but anti-virus experts have warned that many such toolkits are readily available and just as easy to use by would-be vandals.

Last week the creator of [K]Alamar's Vbs Worms Creator, used to create the Kournikova virus, pulled the toolkit from virus-creation Web sites, reportedly after pressure from friends appalled at the harm inflicted by Anna.

But there are many more toolkits capable of generating malicious code.

Anti-virus firms reckon that most viruses are developed using widely available toolkits. But there is widespread disagreement about (a) the number of toolkits available to the public, and (b) the best approach to deal with the potential threat.

According to Jack Clark, European product manager at Network Associates, there are perhaps 100 virus creation toolkits, though some are not particularly popular and so fail to grab the attention of anti-virus vendors.

Virus creation toolkits first came to prominence with the emergence of macro-viruses; and now toolkits to produce worms, boot sector and file viruses are all within easy reach, Clark says.

"The Anna Kournikova virus was the first time a virus created from a toolkit has spread so rapidly but there will be more," he predicts. While awareness of security issues has been raised by the publicity surrounding the Anna bug, 'script kiddies' may be encouraged to experiment with virus writing, he says.

Neil Barrett, technical director at Information Risk Management, confirms that no particular skill is needed to use virus-creation toolkits.

"It's trivial to use these toolkits. If you can use a point and click Windows-style interface and drive a web browser then it's simplicity itself to produce some surprisingly sophisticated viruses," he says.

IRM uses virus toolkits to create Trojans which are then used to check the security of its clients' networks.

The toolkits may have some legitimate uses, but in the vast majority of cases they are used to create malicious code, and the anti-virus industry is split on the right approach to take in defending against the problem.

Network Associates' Clark says the right approach is to include generic detection within anti-virus software, so that any virus produced with a particular toolkit will be automatically detected. Lack of generic detection means users of products from, for example, rival Sophos, have to update their protection each time a new variant of a virus comes out.

According to Graham Cluley, senior technology consultant for Sophos, the inclusion of generic detection in anti-virus software can trigger false alarms; for this reason Sophos prefers to temper its use of generic detection, or heuristics, in its products.

The more important lesson to learn from virus outbreaks such as the Anna Kournikova virus and the Love Bug is that firms should consider blocking Visual Basic scripting and files with double extensions, both tricks used in the Anna bug, Cluley advises.
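As an added example (not code from the article, nor from Sophos, NAI or IRM), a mail-gateway attachment-name check that implements the two measures Cluley describes: it rejects Visual Basic script attachments and flags double extensions where a harmless-looking extension sits in front of an executable one. The extension lists and the sample attachment names are assumptions constructed for the example.

```python
"""Attachment-name policy for the two tricks named in the article:
Visual Basic script attachments and double extensions (a name such as
'photo.jpg.vbs' that reads as an image at a glance).
Added example; extension lists are illustrative, not exhaustive."""

# Extensions Windows runs directly or hands to the script host (assumed list).
SCRIPT_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh"}
EXECUTABLE_EXTS = SCRIPT_EXTS | {"exe", "com", "bat", "cmd", "pif", "scr", "shs", "hta"}
# Benign-looking extensions typically used as the decoy half (assumed list).
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "txt", "doc", "pdf", "mp3"}


def classify_attachment(filename: str) -> dict:
    """Return a verdict for one attachment name with the policy reasons hit.

    Matching is case-insensitive and ignores trailing spaces and dots,
    because Windows ignores them when it decides how to open a file.
    """
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")
    reasons = []
    if len(parts) < 2:                      # no extension at all
        return {"name": filename, "block": False, "reasons": reasons}
    final_ext = parts[-1]
    if final_ext in EXECUTABLE_EXTS:
        reasons.append(f"executable extension .{final_ext}")
        if final_ext in SCRIPT_EXTS:
            reasons.append("script attachment (VBS/JS) blocked by policy")
    # Double extension: a decoy extension immediately before the real one.
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS and final_ext in EXECUTABLE_EXTS:
        reasons.append(f"double extension .{parts[-2]}.{final_ext}")
    return {"name": filename, "block": bool(reasons), "reasons": reasons}


def filter_attachments(names):
    """Apply the policy to a list of attachment names; return the blocked verdicts."""
    return [v for v in map(classify_attachment, names) if v["block"]]


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from any real message.
    sample = ["AnnaKournikova.jpg.vbs", "holiday.jpg", "report.doc",
              "invoice.PDF.exe", "notes.txt", "script.vbs"]
    for verdict in filter_attachments(sample):
        print(verdict["name"], "->", "; ".join(verdict["reasons"]))
```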

So toolkits are a problem; why then can't security firms exert pressure on ISPs to stop hosting them, in the same way they pull sites containing offensive porn?

Or maybe security firms are secretly happy to allow virus creation to flourish - after all, these outbreaks keep anti-virus firms in the spotlight and help them sell their software to frightened punters.

NAI's Clark denies this, saying it lacks the clout to exert pressure on ISPs to pull virus toolkits; besides, toolkits could be easily spread in newsgroups.

"We're not the Mafia and we don't have the ability to get ISPs to pull virus creation kits from Web sites," Clark says. "It's not as if we can tell them if they don't act they'll wake up with the head of a Trojan horse in their bed." ®

External links

"Confession" by Anna bug author

Related stories

Anna Kournikova bug drops harmlessly onto the Net
Anna Kournikova virus spreading like wildfire
Users haven't learned any lessons from the Love Bug
Which country has the most virus infected PCs?
PC World virus scans offer no real protection
Anna-bug author OnTheFly 'fesses up
