'Drive-By' Virus Set to Cause PC Havoc

Oct. 25, 2004
A new computer virus is about to cause trouble in the corporate world. It is called a "drive-by" virus because it attacks without warning.

A new computer virus is about to wreak havoc in the corporate world. Called the "drive-by" virus - because it attacks without warning - it is by far the worst security threat companies have faced, according to Shlomo Touboul, chief executive of Israel-based international computer security firm Finjan.

Finjan says the new threat works by taking the user to an invisible staging site while he or she is logging on to a genuine site. The user is unaware this has happened and need do nothing other than surf the internet to fall prey to a "drive-by" attack.

Once the unwitting victim has been hit, the criminal can hack into their system, steal their financial details and even take control of their computer. Because of rarely used voice software in Microsoft operating systems, the hackers can even listen in on users' conversations.

According to Touboul, the underlying problem is the ancient DOS software code from which Microsoft's modern Windows operating systems have been developed. "DOS was designed for stand-alone PCs and not for code sent remotely," said Touboul. "When a computer running Windows receives code from an external code it is vulnerable to being taken over."

Unlike the recent spate of high-profile viruses such as MyDoom, the new breed of virus is designed by people who wish to remain anonymous. "The criminals who have developed this form of attack want only one thing - to make as much money as possible," said Touboul. "The attacks have already begun but none of the organisations and financial institutions so far affected will admit to having been fleeced because they are afraid it will affect their credibility in the eyes of customers."

Finjan believes virus worm attacks earlier this year could have been dry runs for a larger-scale attack, possibly by terrorists.

"The Witty worm that struck earlier this year was the first widely-propagated attack to carry a destructive payload," said Touboul. "With the number of organisations worldwide now dependent on systems connected to the internet, terrorists would not need to hijack a plane to cause economic chaos. All they would need is one bright guy with a computer terminal."

Finjan says it recently reported 12 vulnerabilities in Windows. The company has a closely-guarded research facility that develops ways of attacking computer systems running Windows to stay one step ahead of criminals and terrorists. "The new vulnerabilities we have identified in our labs never leave the building and if they did the effects could be devastating," said Touboul. "They would be like live explosives if they got into the wrong hands."