'Business' Worms Wreak Havoc from the Inside

Aug. 22, 2005
As threats change, more worms likely to strike inside network groups, not hit Internet as whole

One of the week's dozen or so bots can be called the first "business" worm, a security expert argued Friday.

"On the face of it, Bozori is no different than earlier Internet worms like Blaster or Sasser," said David Emm, a senior technology consultant for the Moscow-based Kaspersky Labs, in an e-mail to TechWeb. "It uses an exploit to spread directly to vulnerable machines. Yet there's no global epidemic. We've seen no tell-tale signs of an epidemic on the Internet. And we've had no reports of infection from individual users."

Other experts seconded that last statement. Radialpoint, a security provider to broadband ISPs, said that its customers are reporting low infection rates among their users, even those without anti-virus defenses. "We attribute this to the fact that the virus [sic] only targets Windows 2000 machines," said a Radialpoint spokesperson.

"There's no question that this worm is spreading. However, it seems to be confined to localized 'explosions' inside large corporations," Emm continued. "These organizations, typically made up of 'small internets' behind heavily defended Internet gateways, have experienced infection."

Emm gave credit to -- both at the enterprise and on home-users' machines -- in defending against the recent bot attacks, but noted that there are other ways for malicious code to sneak into a network. "When an infected laptop is brought into a network with, say, 50 Windows 2000 machines, chaos erupts."

Bozori and its cousins, argued Emm, "suggest that we're on the threshold of a new era, when will cause local network outbreaks in large corporations, but will have little effect on the Internet as a whole."

The new emphasis on internal outbreaks isn't due to any change in tactics on the part of hackers, said Emm, but to the hardened-perimeter philosophy that enterprises have adopted.

"Organizations have been secured behind their firewalls, filtering e-mail, and stripping executable content. Businesses felt secure and confident that no attack could reach them. The blow from the inside was all the worse for being totally unexpected."

Copyright ©2005 CMP Media LLC