Fizzer fizzles, but security threats remain

This week's Fizzer worm appears to have had little impact on corporate networks, according to users and analysts. But with a growing number of users logging into corporate networks from home and other relatively insecure remote locations, the malicious code and spyware that such viruses leave behind on unprotected systems could prove to be a long-term headache for companies.

The Fizzer worm represents an emerging class of malicious code that relies on a variety of methods to try to circumvent increasingly sophisticated corporate network defences.

The worm was contained in executable e-mail attachments with innocuous subject headers. In the vast majority of cases, users had to click on the e-mail attachment before the virus could start executing code.

In general, companies with updated antivirus software and policies for filtering executable e-mail attachments would have been protected against Fizzer, said Russ Cooper, an analyst at TruSecure Corp.

Companies that have not yet taken such basic perimeter defence measures are simply being "derelict in their duty," said Pete Lindstrom, an analyst at Spire Security consultancy.

But workers who dial into the corporate network from home and other remote locations may not always have the same defences and are therefore more vulnerable to having their systems infected by such viruses, said Michael Allgeier, data security officer at the US-based Colorado River Authority.

This could prove dangerous because of the payload carried by viruses such as Fizzer, said analysts. According to Finland-based antivirus software vendor F-Secure, Fizzer is a complex e-mail worm that contains "a built-in IRC backdoor, a denial-of-service attack tool, a (keystroke logging) Trojan, an HTTP server and other components."

Such capabilities could allow hackers to remotely control compromised machines, steal from them or mine them for passwords, analysts said. Connecting such a compromised system to a corporate network could allow hackers to burrow past other defences.

"I think the biggest security threat today is remote users," said David Krauthamer, director of IS at Advanced Fibre Communications, manufacturer of telecommunications equipment. "VPN access is proliferating, and with the onset of wireless home networking, it's becoming easier to gain an access foothold to a corporate network."

"We don't have any control over remote workstations, or home PCs or kiosks or wherever it is that people access our networks from," Allgeier said. "We can't really rely on personal firewalls and antivirus software to detect Trojans and keystroke loggers."

The company has begun to roll out software from US-based software vendor WholeSecurity that scans individual desktops for such malicious code. It is looking to deploy the code for remote users as well.

Companies need to ensure that remote workers are covered by the same security policies that govern the corporate network, Lindstrom said. "It's a question of evaluating all the different attack points and distributed components in your environment," and protecting them.
