Hackers are trying to develop a new generation of
internet worm that can bypass traditional firewalls and anti-virus
software.
The worms will use Google and other search engines to identify and
attack companies that have poor website security with greater
precision than the most destructive worms seen so far, according to
security specialists.
Rather than attacking vulnerabilities in operating systems, hackers
will use worms to attack web applications.
Neil Barrett, security consultant at Information Risk Management,
said hackers were already attacking web applications and that it
was only a matter of time before they develop worms to do the job
automatically.
"Most of the current worms exploit vulnerabilities that are six to
eight years old. For the past year, hackers have been focusing on
application vulnerabilities - the worms will follow," he
said.
Research by security firm Imperva has shown that hackers already
have the technology to develop worms that could target vulnerable
sites "several orders of magnitude" more effectively than Blaster
or Code Red.
Firms can protect themselves by designing their applications with
security in mind, hiring penetration testers to find
vulnerabilities, or by buying intrusion detection and prevention
systems designed to protect applications.
"Chief information officers believe that attacks on custom-code are
rare, more difficult and impossible for hackers to replicate. That
is no longer the case," said Imperva chief executive Schlomo
Kramer.
A white paper from the firm has shown that worms could use a simple
search on Google to identify hundreds of sites with unprotected
password files or buffer overflow vulnerabilities in a matter of
seconds.
Application worms would be much harder to detect than conventional
worms and would pick their targets more effectively than worms such
as Blaster, which rely on mass propagation and chance to identify
vulnerable targets. Hackers could trick search engines into
attacking a website by directing it to visit vulnerable addresses,
making the attack virtually impossible to trace.
How web application worms work
Researchers have discovered that searches on Google can identify
websites containing unprotected passwords and other
vulnerabilities
An automated worm would use search engines to identify
vulnerable websites far more effectively than the hit-and-miss
approach of current worms
Hackers could trick search engines into behaving like a worm,
forcing them to attack vulnerable websites on their behalf
Application worms would be much harder to detect than the
current generation of e-mail worms.