Report: Duck And Cover

Viruses have been flooding into my inbox in unusual quantities lately. Strangely, it seems to be a fairly even mix of Netsky.D/Q and Bagle AI/AB/AF/AH, with some MyDoom.N and Funlove tossed in for good measure. Netsky.Q was dominating for quite a while, but Bagle is back, now that the source code has been released. Bagle is the second instance of source code distribution via viral mechanisms. MyDoom was also exposed in a similar fashion earlier this year following a $500,000 bounty on the head of the MyDoom author, posted by Microsoft and SCO. The reason behind the source code release is likely an effort to throw off investigations that center on a machine holding the virus source code. If it ends up on PCs across the globe, the mere existence of it can’t really be used as evidence.

Also making virus news is the first Windows CE critter. It’s not a “live” virus in the sense that it’s not actively spreading in the wild, but it does show that it is possible. The proof-of-concept is the work of Russian anti-virus firm Kaspersky Labs, and it actually requests permission to infect a device. With the rise in mobile device use, bringing attention to the vulnerabilities via concept code will hopefully help to head off major issues down the road.

The debate rages on, and for what it’s worth, I’m in favor of exploit disclosure. The worst scenario is when rampant destruction is the result of a previously unknown flaw – Download.ject was one such instance. There will always be unpatched systems and outdated virus definitions, and it’s typically a matter of hours between flaw disclosure and viable exploitation, regardless of whether it is brought to light by a vendor or an outside party. The longer information is sat on, the more time there is for it to be discovered by those with less honorable intentions, and such things should never be a surprise to the world if there is a way to avoid it. If a tornado is going to wreck my house, I’d prefer to know it’s coming as far in advance as possible, even knowing that I’m powerless to do anything other than to turn on a video camera. Would you rather be outside mowing your lawn when it hits, or taking cover?

Yours digitally, Furo