Beware the Smart Virus

SAN DIEGO -- Storage Networking World -- IT managers at this week's SNW show claimed to be bracing themselves for a new breed of super virus based on complex mathematical theories that could wreak havoc on storage networks and servers.

Sasan Hamidi, CIO of Miami, Fla., travel firm Interval International and a computer scientist, warned attendees that a new super-virulent virus may be targeting their systems in the future. "It's not far-fetched. It is possible... to create a living computer program and let it have intelligence," he said during a presentation, explaining that the virus could mutate itself to avoid patches and intrusion detection technologies.

Cellular automation, which builds complex patterns using simple rules, and even game theory are just a couple of the advanced scientific methods that could be used to build these threats, according to Hamidi, a former senior project manager at the global security division of IBM Corp. (NYSE: IBM) and director of enterprise architecture at General Electric.

"A lot of these techniques could be used to produce extremely sophisticated computer attacks -- worms, viruses, and Trojan horses, that we're not aware of today," he warned.

The new type of threat, which Hamidi describes as "evolutionary computing," would differ from traditional viruses and worms in that the code, once detected, would alter itself and then attack another part of the network. "The code adapts itself to the environment. This could be a worm that learns from the environment and becomes more intelligent."With so many computer resources, including storage, now IP-based, Hamidi explained that the virus could enter an organization's systems as "relatively harmless" TCP packets before wreaking havoc.

Although examples of attacks based on "evolutionary computing" are hard to come by, IT managers at SNW compared the potential impact to the Morris worm, written by Cornell University graduate student Robert Tappan Morris, son of the former chief scientist at the National Computer Security Center (NCSC), which brought down much of the Internet in 1988. The worm, which is also known as the "Great Worm," replicated itself much faster than anticipated and disabled thousands of computers before it was finally brought under control.

Thankfully, few people possess this level of expertise. "The typical hacker today is not knowledgeable enough about genetic algorithms and evolutionary computing," said Hamidi.

Still, the prospect has IT pros at least concerned, particularly about their lack of protection. Hamidi confessed that he would be in trouble if someone mastered these techniques and targeted his business with a super virus tomorrow. "There's nothing that I know of that could prevent something like this."

Tor Garman, senior business systems analyst at San Diego Gas & Electric, admits to guarded trepidation. "The possibility does exist, but there's really not anything that we can do about it right now," he says. Garman concurs that a potential hacker would need both knowledge of complex scientific theory and the ability to stage a multilevel security attack to pull it off."It's sort of tough," agrees a storage manager from a California insurance company, who asked not to be named. "There are many people that are a lot smarter than I am out there. It's going to happen as people get more sophisticated."

James Rogers, Senior Editor, Byte and Switch