W32.Rekcus

Published: September 21st, 2001

I predict that the next major Internet virus will be called Rekcus.

That’s right: “sucker” spelt backwards.

Surely it only makes sense, after a week in which the Nimda worm brought down networks around the world, that the online forces of evil would take their arrogance one step further. The idea that people were clicking on an attachment that used the short form for system administrator spelt backwards just goes to show how bold — and ridiculous — this cycle of breached security has become.

With every virus, the whole jack-in-the-box winds up again. Somewhere, someone at home or who works in a company that evidently hasn’t set up proper security policies clicks on an attachment with suspicious-sounding extensions like VBS or EML. The infections begin, and those who are still lucky enough to have use of their e-mail client start spreading the news to the various virus-related mailing lists at a pace which tries to outdistance that of the worm itself. Then, lacking only the siren and uniforms that would make them look and sound more like the enforcers they imagine themselves to be, the anti-virus companies step in. They set up their task forces, try to come up with solutions and then joust with one another to be the talking head of the moment with IT media outlets like this one. Finally, everyone downloads the appropriate software to rid their systems of the virus. Good thing these applications are called a “patch,” because they are a Band-Aid solution if ever I saw one.

By Friday morning most of the danger seemed to have subsided, suggesting that perhaps the industry has gotten better at responding to these moments of Internet crisis. But the fact that those who hadn’t downloaded a Microsoft patch last March could be infected by Nimda, whether they actually clicked on the attachment or not, underscores the growing sophistication of the viruses as well.

In this case, Microsoft took more heat than usual when rumours floated around that some of its own sites were infected. As the vendor behind Internet Information Server (IIS), it is perhaps only natural that Microsoft would be the first place to which users turn for important security information. If its credibility in this area continues to be undermined by even the suggestion of vulnerabilities in its own portal infrastructure — the Code Red hit on Hotmail did not help matters here — the business value of its products will be tarnished as well. Already, research firm Gartner Inc. has released a note about Nimda advising its clients to begin investigating alternatives to IIS, such as iPlanet and Apache, which have also required patching on occasion but which have less of a history as a virus target. It’s unlikely many enterprise customers will heed this warning, though. Functionality and performance issues usually drive the purchasing decision. Security is important, but it plays a bigger role once a breach of some kind has occurred.

It is clearly the responsibility of network administrators to oversee the IT security of their organizations. However, the industry is structured such that the onus for staying abreast of every virus warning and downloading the appropriate patches can become a full-time job in itself. The only power vendors really have to fight virus attacks, on the other hand — apart from rewriting software, which will take too long for most Microsoft customers — is marketing muscle. Instead of asking customers where they want to go today, companies like Microsoft need to show harried system administrators where they need to go. This may be an Internet-related issue, but merely posting patches on a Web site is not enough. It will take phone calls, customer visits and an education effort that runs in concert with its campaign to convince the industry to upgrade to XP.

As the Code Red press conference with Microsoft, the FBI and other important industry players proved, preventative awareness works. We may be dealing with a virus that has no cure, but that doesn’t mean we can’t at least keep the symptoms at bay.

sschick@plesman.com
