Super viruses just around the corner

Hackers are buzzing at the possibilities for software mayhem, reports CHRIS BARTON.

If you thought the Love Bug virus was bad, you ain't seen nothing yet.

Responding to the latest "hell virus" scare, security expert Arjen de Landgraaf said his company had warned about the potential devastating effect of these new methods of virus attack since the end of April.

He was commenting on a Herald story a week ago about an alleged security flaw in a Microsoft e-mail program discovered by local software developer Phil Saleh, of Arabesque Multimedia.

"The difference between this and the Loveletter e-mail is that this virus does not require an attachment to be opened. The moment you can read the words of the e-mail, the payload is already running," he said.

While a virus of this type has not yet been released, Mr de Landgraaf said his company, E-Secure-IT, had published working examples of the JavaScript vulnerability Mr Saleh describes.

"We also know ... that the international hacker community is buzzing with the wicked potential this vulnerability could unleash. The next generation of viruses is not a matter of if, it's only a matter of when."

That is not all. According to Mr de Landgraaf, there are far more lethal viruses just around the corner.

The "generation-after-next" virus may carry with it a small dictionary of common "exploits," such as weaknesses in firewalls, access routers, operating systems, or e-mail programs. It will hit a computer using an internet address and check whether it can use any of the vulnerabilities it carries in its dictionary.

"If the virus has exploits to enter the system, but no exploits to plant the payload, it will communicate with other viruses, carrying different exploit dictionaries."

The concept, still theoretical for now, is what hackers call the "WormNet" - viruses that actually communicate across the internet to each other.

That means viruses that talk to each other. The translated conversation might go like this: "Hey, I am in this system, but I cannot get through to plant my payload. Does anyone have a dictionary to help me get further in?"

All other viruses will listen and respond if they can help the requesting virus. The viruses will be based on so called "Open Source" code, written in programming languages, such as Java, that can run on any type of computer.

"The only way such an onslaught can be avoided in the future is by being immediately warned when a new vulnerability is discovered, and have it fixed before an automated hacker program makes misuse of it."

E-Secure-IT provides a service that can help. Its Vulnerability Knowledge Base has posted 38 security vulnerabilities for Microsoft's Windows NT, and already 20 on its recently released successor Windows 2000.

E-Secure-IT also provides early warnings, alerting its subscribers to the vulnerabilities as they are discovered. In addition, it advises on what to change or disable in software default settings, quick first fixes, and provides information on how to implement work-arounds.

Mr de Landgraaf said New Zealand, being the first in the world to start the working day, was in a unique position to contribute to E-Secure-IT teams.