Beware of recent worm attacks that may cover up the insertion of Trojans, warns the ebullient managing director of communications software vendor GFI, Richard Rundle, who adds that enterprises should put the boot into slack outsourcer maintenance of security.
"Who's accountable for all of this stuff? Sure, there are people writing these worms and planting them for whatever reason… but BHP, they're managed by a multimillion dollar outsourcing contract with CSC - presumably to manage their network and keep it secure. How do they end up with, in Adelaide alone, 50 people sitting on their tails [because of the worm]? I just find that incredible. How is that possible with those kind of people at the wheel? It's just amazing," Rundle lamented.
Moreover, Rundle claims recent publicity and arrests do nothing to stem the plague of worms. "This little teenager that wrote Blaster.B who is currently being hauled over the coals by the US Feds, it's not that kind of kid that is behind the important [attacks] here," he said, adding there are organised criminal elements attempting to glean enterprise customer data and account details.
Rundle also alleges the publicity-seeking endeavours of some antivirus firms during such incidents detract attention from the real targets of the attacks. "I think we are so bogged down in all this media hype… you've got Symantec and others pumping out four and five press releases a day. I think it's probably just a bit of a smokescreen, some of it, for other Trojans that are being inserted quietly.
"A Trojan by nature is engineered for a purpose normally. I think some of them are just lying there dormant, not attracting media attention and I think that that's where the danger lies," Rundle said.
Check Point Software's regional director Scott Ferguson agrees to a point; however, he warns that the real danger in Trojans comes from their increasingly frequent inclusion as a payload, one more often exploited through application vulnerabilities than through traditional network exploits.
"The Trojan is the delivery vehicle for getting into an application. The nature of attacks has moved from the network layer to the operating system and the application layer. The challenge is to report that it's not fatal. There is a lot of sensationalism, but nobody has caused a train crash or died as the result of [worm attacks]. It's the cost that is going up."
Ferguson also doubts that such attacks are organised, at least so far, but warns that blinkered "single-point" vision is as much a threat as malicious code.
"The attacks seem to be happening from a vandalistic perspective and an intellectual stretch perspective. So expect more attacks, more legislation and more accountability [from compromised vendors or infected enterprises]. As an IT community we have to educate senior management as to what's critical in terms of an information asset – and what's not."