One Virus Down, One to Go

While the Kama Sutra virus failed to live up to its voracious billing, a new mystery virus will keep IT managers on their toes over the weekend.

According to reports, the new and as yet unnamed virus caused trading to be suspended for an hour today on the Russian Trading System (RTS) stock exchange. The virus took out a trading system with a classic denial-of-service attack, overloading RTS routers till they shut down.

But experts are still scratching their heads about the new threat. We don’t know what virus it is yet,” admits Carole Theriault, Senior Security Consultant at analyst firm Sophos Plc. “It could be a worm, it could be a bespoke Trojan.”

Unlike the Kama Sutra virus, which has dominated the media for weeks, the attack on the Russian stock exchange came totally out of the blue. Theriault thinks this should serve as a warning to other users: “It’s a good reminder. It’s the ones that you don’t hear about that are the most dangerous.”

Theriault told Byte and Switch that events in Russia underline the need for firms to think about data backup. “No one wants to be in that position -- you can imagine how much money was lost in the hour when the system was down.”Actually, we can't. But these viruses with no known signature, so-called zero-day threats, remain a major bugaboo for enterprises. Vendors and malicious code writers are locked in an escalating cycle, with each side hellbent on having the last word. (See Startup Skybox to Raise $10M, Security Approaches Day Zero, and Is Zero Day a Cash Cow?.)

The problem may not be resolved with more technology. A few months ago, 3Com upped the ante with cash rewards to those who notify it of vulnerabilities in its own or other vendors’ products. (See 3Com Offers Zero-Day Bounty, and 3Com Intros Zero Day Initiative.) Mozilla and iDefense Inc., recently acquired by VeriSign Inc., have also flashed their cash for security information. Last year Microsoft paid out $250,000 to two informants who helped nail the creator of the Sasser worm. (See Microsoft Rewards Sasser Snitches.)

The threat posed by the Kama Sutra virus, on the other hand -- widely expected to start corrupting files today -- was overblown. Theriault says that Sophos has not received any reports of firms losing their data on account of the virus.

Jayson Hahn, CIO at New Jersey-based manufacturer Merrimac Industries told Byte and Switch that he survived the Kama Sutra virus unscathed but took extra precautions. In addition to the anti-virus software on his firm’s storage, servers, and desktops, the exec warned internal users to be on their guard. “I added an additional layer of protection by sending out an email informing everyone of what was about to happen.”

An IT manager from a New York-based mortgage company, who asked not to be named, agreed that communication is critical to avoiding this type of threat. “You need to proactively make sure that all end users are notified of the potential exploit and the risks associated with it.”— James Rogers, Senior Editor, Byte and Switch

Organizations mentioned in this article: