Worms capable of carrying out simultaneous attacks across a range of operating systems or exploiting multiple vulnerabilities could arrive this year, according to Gerhard Eschelbeck, the outspoken CTO of US security specialist Qualys.
Long predicted in doom-laden tones by security experts, such multi-platform ‘super-worms’ could now be inevitable given the increasing frequency and sophistication of major attacks, he said.
Stopping such an attack would require coordination across a diverse range of systems, making it difficult to counter and potentially devastating for company systems. Likely targets would include Windows, Unix and possibly Linux.
Concern about such a possibility is nothing new but Eschelbeck’s is the starkest prediction yet that what has previously been seen as a theoretical threat is now imminent.
“RPCs will be one of the first targets of multi-platform worms,” he said referring to widespread concern at the vulnerabilities posed by software Remote Procedure Calls (RPCs).
These are programming calls widely used in client-server systems - especially between software running on different platforms - and can allow remote access to processes running on servers.
To date, the most notable example of an RPC exploit was the W.32 Blaster worm that targeted Windows users in August 2003.
Eschelbeck dismissed the view that a reduction in Windows dominance of the OS market would afford protection. “More choice in operating systems wouldn’t have any effect on security,” he maintained.
“This week’s attack was really social engineering,” he said of MyDoom, which manipulated people’s naivety about file attachments to aid its spread.
And the future? He predicted that an increasing number of attacks would target specific companies, industries or even countries. “If you put monetary interest behind it you can imagine some interesting targets.”