Saturday, May 24, 2008

Future of Bot Worms

The current trend in worms seems to go the bot route. Bots—programs that operate as an agent for a user or another program—are most often seen as malware and keep attacking unsuspecting users in surprisingly high numbers. Nowadays all bot worms are built in a modular fashion. This means that the creator of the program can choose among a number of different attack methods, including vulnerability exploitation, mass-mailing and P2P (peer-to-peer) propagation. The result is an ad hoc worm, specially engineered to accomplish its objectives: stealing information and keeping control of the infected computer.

The idea of modularity in these types of worms has been confirmed in WORM_RBOT.CBQ and WORM_ZOTOB, two network worms that grabbed headlines globally. Network vulnerabilities can be used as a propagation method as soon as the exploit is available. When a piece of code is written to exploit a certain vulnerability in an operating system and is published on the Internet, the creators of these worms can just attach it to the worm's existing code, recompile it and voilà—a new dangerous worm is ready to be unleashed.

This means even shorter times to network exploitation in the very near future. Below is a list of network vulnerability exploitation times for some prominent worms:

WORM_NIMDA: 366 days

WORM_SLAMMER: 185 days

WORM_BLASTER: 26 days

WORM_SASSER: 18 days

WORM_ZOTOB: 4 days

The end result: because worms can now be created so rapidly, PC users worldwide face even greater threats. The possible ways we can fight against this are:

1. Patching home systems immediately as the updates are made available on the Microsoft Web site. Automatic updates are no longer optional. The security of our home systems is at stake just by being connected to the Internet.

2. In corporate settings, deploying software and hardware systems that specifically defend against these threats. Detecting and blocking the network packets that the worm uses to exploit the vulnerability is by far the best way to avoid being hit by this kind of malware. These systems include IDS (intrusion detection systems) and specific network antivirus systems like Network VirusWall or Personal Firewall, which can block the reception of shellcode packets even if the underlying system is still vulnerable.
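As an added illustration, not code from the original post or from any of the products it names, here is the idea behind point 2 in Python: a network-side rule is tied to the port of the service it shields and to a payload heuristic, so exploit traffic is dropped before it reaches a host that may still be unpatched. The port number, thresholds and sample packets are all constructed placeholders.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

@dataclass
class Packet:
    src: str
    dport: int
    payload: bytes
# A "virtual patch" names the vulnerable service port it shields and a
# payload predicate. Port 4444 is a constructed placeholder, not a real service.
Rule = Tuple[str, int, Callable[[bytes], bool]]

def nop_sled(min_len: int = 32) -> Callable[[bytes], bool]:
    # Long runs of 0x90 are classic shellcode padding.
    return lambda p: b"\x90" * min_len in p

def oversized_binary(max_len: int = 256) -> Callable[[bytes], bool]:
    # Assumed: the protected service only ever sees short, mostly printable requests.
    def check(p: bytes) -> bool:
        if len(p) <= max_len:
            return False
        return sum(32 <= b < 127 for b in p) / len(p) < 0.5
    return check

RULES: List[Rule] = [("nop-sled", 4444, nop_sled()),
                     ("oversized-binary", 4444, oversized_binary())]

def inspect_packet(pkt: Packet, rules: List[Rule] = RULES) -> Optional[str]:
    """Return the name of the rule that blocks pkt, or None if it is allowed."""
    for name, port, pred in rules:
        if pkt.dport == port and pred(pkt.payload):
            return name
    return None

def filter_traffic(packets: List[Packet]) -> Tuple[List[Packet], List[Tuple[Packet, str]]]:
    """Split traffic into allowed packets and (packet, reason) pairs that were dropped."""
    allowed, blocked = [], []
    for pkt in packets:
        hit = inspect_packet(pkt)
        if hit:
            blocked.append((pkt, hit))
        else:
            allowed.append(pkt)
    return allowed, blocked

# Constructed sample traffic: benign request, sled-padded payload, large opaque blob,
# and a sled aimed at a port no rule covers (it passes: rules are per-service).
SAMPLE = [Packet("10.0.0.5", 4444, b"GET /status\r\n"),
          Packet("10.0.0.9", 4444, b"\x90" * 64 + b"\xcc" * 16),
          Packet("10.0.0.7", 4444, bytes(range(256)) * 2),
          Packet("10.0.0.9", 8080, b"\x90" * 64)]
```

The last sample packet shows the trade-off of per-service rules: traffic to a port no rule covers is not inspected, which is why such a filter complements patching rather than replacing it.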
