Hackers are trying to develop a new generation of internet worm that can bypass traditional firewalls and anti-virus...
software. The worms will use Google and other search engines to identify and attack companies that have poor website security with greater precision than the most destructive worms seen so far, according to security specialists. Rather than attacking vulnerabilities in operating systems, hackers will use worms to attack web applications. Neil Barrett, security consultant at Information Risk Management, said hackers were already attacking web applications and that it was only a matter of time before they develop worms to do the job automatically. "Most of the current worms exploit vulnerabilities that are six to eight years old. For the past year, hackers have been focusing on application vulnerabilities - the worms will follow," he said. Research by security firm Imperva has shown that hackers already have the technology to develop worms that could target vulnerable sites "several orders of magnitude" more effectively than Blaster or Code Red. Firms can protect themselves by designing their applications with security in mind, hiring penetration testers to find vulnerabilities, or by buying intrusion detection and prevention systems designed to protect applications. "Chief information officers believe that attacks on custom-code are rare, more difficult and impossible for hackers to replicate. That is no longer the case," said Imperva chief executive Schlomo Kramer. A white paper from the firm has shown that worms could use a simple search on Google to identify hundreds of sites with unprotected password files or buffer overflow vulnerabilities in a matter of seconds. Application worms would be much harder to detect than conventional worms and would pick their targets more effectively than worms such as Blaster, which rely on mass propagation and chance to identify vulnerable targets. Hackers could trick search engines into attacking a website by directing it to visit vulnerable addresses, making the attack virtually impossible to trace.
How web application worms work
Researchers have discovered that searches on Google can identify websites containing unprotected passwords and other vulnerabilities
An automated worm would use search engines to identify vulnerable websites far more effectively than the hit-and-miss approach of current worms
Hackers could trick search engines into behaving like a worm, forcing them to attack vulnerable websites on their behalf
Application worms would be much harder to detect than the current generation of e-mail worms.