The ready availability of virus-generating toolkits will continue to make it relatively easy for even amateur crackers to write worms such as this year’s Anna Kournikova virus, analysts and users warn.
But since many of these kits rely on previously used methods for creating and propagating viruses, damage can be minimised if corporations take basic precautions, they say.
Analysts say there are scores of virus-generation toolkits that can be used by would-be crackers to easily write worms similar to the Anna K virus. The kits go by names such as Instant Virus Production Kit, Satanic Brain Virus Tools, The Trojan Horse Construction Kit and The Virus Factory.
Many come with easy-to-use interfaces and pop-up help files that walk would-be crackers through the process of creating a virus — from choosing a name for it through choosing a way to spread it.
Some toolkits, including the one used to create the Anna worm, let users select from a variety of payloads that range from self-replication to attempting to crash networks.
“It’s all very menu-driven and easy to use ... It is just a question of a click here and a click there,” says Roger Thompson, an analyst at Virginia-based security firm TruSecure.
“The guy who launched the Anna virus didn’t even have to change many of the default options [to get the worm to work],” he says.
What makes some virus-generation kits particularly dangerous is that they allow even amateur crackers to add variations that can sometimes help them slip through antivirus defences, Winkler adds.
The Anna virus, for instance, was able to break through many antivirus barriers because it used an encryption feature available in the toolkit, analysts say.
Yet despite the ease with which the Anna virus spread, most worms generated by toolkits use well-understood and predictable ways of creating and propagating a virus, says Josh Turiel, MIS manager at Holyoke Mutual Insurance in Massachusetts. This makes worms relatively easy to detect and block using antivirus tools and generic filtering approaches, he says.
“Back around 1997, somebody generated 15,000 viruses from a single kit — all of which were detected by just about every single virus vendor,” says Thompson.
In addition to antivirus technologies, Holyoke Mutual simply blocks all emails with Visual Basic Script (VBS) attachments from its network. “We had 30 copies of the Anna virus bounce off our network in about three hours,” Turiel says.
“The organisations that are going to continue getting nailed by such attacks are those that still don’t have any central control over their email, and small companies with no security [infrastructures],” he adds.
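The generic attachment block Turiel describes (rejecting mail that carries a Visual Basic Script attachment) is sketched below as an added example; it is not Holyoke Mutual's actual filter, and the extension list and sample messages are constructed for the demo.

```python
"""Extension-based attachment filter of the kind described above.
It parses a raw RFC 822 message, walks every MIME part and reports any
attachment whose *final* extension is a Windows Script Host type.
Added example, not the insurer's real configuration."""
import email
from email import policy
from email.message import EmailMessage

# .vbs is the type the article names; the others are close relatives a mail
# gateway would normally block alongside it (assumption, not from the article).
BLOCKED_EXTENSIONS = {".vbs", ".vbe", ".wsf", ".wsh", ".js", ".jse"}


def blocked_attachments(raw_message: bytes) -> list[str]:
    """Return filenames of attachments that should cause the mail to be rejected.

    Only the last extension is examined, so a double-extension name such as
    'photo.jpg.vbs' (which Explorer may show as 'photo.jpg' when extensions are
    hidden) is still caught.  Matching is case-insensitive.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no filename of their own
        name = part.get_filename()
        if not name:
            continue  # inline body text, no attachment
        pieces = name.strip().lower().rsplit(".", 1)
        if len(pieces) == 2 and "." + pieces[1] in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def build_message(filename: str, content_type: str) -> bytes:
    """Construct a one-attachment demo message (constructed test data)."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = "photo"
    m.set_content("see attached")
    maintype, subtype = content_type.split("/")
    m.add_attachment(b"dummy attachment bytes", maintype=maintype,
                     subtype=subtype, filename=filename)
    return bytes(m)


if __name__ == "__main__":
    print(blocked_attachments(build_message("photo.jpg.vbs", "application/octet-stream")))
```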