This blog covers the second of ten predictions regarding events and trends that I have forecast will occur in 2008. This prediction was:

2. Fewer worms and viruses will surface in the wild—a continuation of the present trend.

I am sure that you have noticed that the massive virus and worm infections of the past, such as those caused by Code Red, Nimda, Sircam, MSBlaster, Slammer, Netsky, Beagle, and others, are no longer occurring. In contrast, this trend is not occurring with other types of malicious code—botnets and rootkits are proliferating at an unprecedented rate.

Why are viruses and worms becoming increasingly scarce? I addressed this question in a paper that I published in Computer Fraud and Security in 2006. To summarize, computer criminals are increasingly trying to profit from their sordid activity. If they are going to profit, both what they do and the programs and processes that they install in the systems they compromise need to avoid being noticed. Writing and distributing a worm or virus runs counter to this goal. Both viruses and worms often scan other systems in an attempt to discover which ones they can infect; the rate of scanning must be high if a worm or virus is to spread prolifically. Similarly, viruses generally work through attachments that contain malicious routines. The scanning activity is highly noticeable, both by automated means such as intrusion detection and prevention systems and directly by network operations staff. Attachments can also be easily spotted. Once detected, worms and viruses are not likely to make much headway in networks and systems because numerous eradication methods can be used. Would-be profiteers’ goals are thus likely to be thwarted. In comparison, malware that minimizes the likelihood of its presence being detected, such as hidden keystroke-capturing tools and rootkits, is much better suited to the goals of today’s computer criminals.

Several other factors in all likelihood also contribute to the reduction of worms and viruses in the wild in 2008. Unfortunately, individual Internet users are likely to continue to be disproportionately susceptible to worm and virus infections for a variety of reasons, of which failure to run and update anti-virus software and use of peer-to-peer networking are the most obvious. Yet a much greater number of organizations and Internet service providers (ISPs) use anti-virus software as well as other anti-virus and anti-worm measures compared to only a few years ago. Additionally, the well-publicized arrest of the notorious teenage worm writer Sven Dietrich in Germany, as well as of other virus and worm writers in other countries, appears to have sent a poignant message to would-be writers of viruses and worms. Another possibility is that virus and worm writers have simply become bored with writing this form of malware, which first surfaced way back in 1980.

Although I predict a reduction in the number of worms and viruses in 2008, I am not by any means saying that it is time to relax when it comes to the risks that these types of malicious code pose—au contraire. Anti-virus software, properly configured and maintained firewalls and virus walls, patches, and user education and awareness are all still very much necessary.

