Worms are getting faster! - Trends

Communications News, July, 2003

Computer worms and viruses have become increasingly easy to distribute and significantly more threatening to the security of global communication networks, according to analyst firm Probe Group of Cedar Knolls, N.J. An attack can be launched by virtually anyone, from anywhere in the world, explains Probe analyst Tony Marson, with a future potential spread time of mere seconds.

"The increasing level of sophistication is clearly exemplified when comparing the Slammer and Code Red attacks," says Marson. "Although Slammer was just one-tenth the size of Code Red, the former took only 10 minutes to spread globally, while the latter required three days." The bottom line, he says, is that in the last 18 months the time required for the infection of global targets has shrunk from days to minutes.

Marson suggests that for those seeking to maintain the integrity of their infrastructures during a worm attack, multilayered security should be implemented, blanketing all aspects of infrastructure.

Although the worm attacks to date have looked to exploit the vulnerabilities in operating systems such as Windows and Linux, these are the same operating systems that network operators use to run network-management systems, services/applications servers, switches and routers. "One can envision a future worm attack that could completely disable a network-operating system just by exploiting a particular vulnerability," states Marson. "Therefore, a sense of urgency persists for all network operators and enterprises to incorporate common-sense network security measures that can be easily implemented."

Marson also contends that service providers have a responsibility to ensure the continuation of service and availability of their networks during a worm attack. He says the benefits of prevention as opposed to recovery are clear--not only is it cheaper, but it also allows network operators to do the following:

* maintain service-level agreements, thus avoiding penalties;

* maintain reliability of connectivity;

* reduce personnel costs (by not needing to retain significant numbers of personnel to deal with continuous breaches of the network and the recovery from an attack);

* maintain a consistency in customer service and delivery;

* increase customer satisfaction; and

* reduce support costs.

While no network is 100% secure from a worm or virus attack, Marson says, the alternative (as with Cloud Nine) is that the service operator can go out of business.