7.3.4 Instant Messaging Worms
Two early worms to strike instant messaging systems were Choke and Hello, which
appeared in 2001. Worms were less devastating back then, because only about 141
million people used instant messaging. Today more than 800 million people rely on
instant messaging, so the impact of worms can be much greater. The appearance of the
Kelvir worm in 2005 forced the Reuters news agency to remove 60,000 subscribers from
its Microsoft-based instant messaging service for 20 hours [30]. In 2010 a variant of
the Palevo instant messaging worm rapidly spread through Romania, Mongolia, and
Indonesia [31].
7.3.5 Conficker
The Conficker (or Downadup) worm, which appeared on Windows computers in
November 2008, is notable because computer security experts have found it
particularly difficult to eradicate. The worm is able to propagate in several ways [32]. The
original variant of the worm spread to computers that were not up-to-date with the
latest security patches from Microsoft. The second version of the worm, which appeared
about a month later, had two new features that accelerated its spread: the ability to
invade computers with weak password protection and the ability to propagate through
USB memory sticks and shared files on local area networks. Early in 2009, between 8
and 15 million computers were infected with Conficker, including portions of military
networks in France, the United Kingdom, and Germany [33].
According to Rodney Joffe of the Conficker Working Group, “It's using the best
current practices and state of the art to communicate and to protect itself” [34]. Even
though millions of copies of this worm are circulating, it does not appear to have done
great harm. Security experts remain baffled as to the goals of those who created it [35].
7.3.6 Cross-Site Scripting
Cross-site scripting is another way in which malware may be downloaded without a
user's knowledge. Web sites that allow users to read what other users have posted are
vulnerable to this security problem. The attacker injects a client-side script into a Web
site. When an innocent user visits the site sometime later, the user's browser executes the
script, which may steal cookies, track the user's activity, or perform another malicious
action.
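The following added example (not from the original text) shows why a site that displays users' posts is exposed and how encoding the posts at output time closes the gap. The post data and the function names renderUnsafe, escapeHtml, and renderSafe are constructed for illustration.

```javascript
// Constructed sample posts for a message board. The second and third
// carry markup that the site should display as text, never interpret.
const posts = [
  { author: "alice", body: "Meeting moved to 3 & 4 pm <today>" },
  { author: "mallory", body: "<script>alert(1)</script>" },
  { author: 'bob" onmouseover="x', body: "hi" },
];

// Vulnerable: user-controlled text is concatenated straight into markup,
// so any tags in a post become part of the page every later visitor loads.
function renderUnsafe(list) {
  return list
    .map((p) => `<li title="${p.author}">${p.body}</li>`)
    .join("\n");
}

// Encode the five characters that let text break out of HTML element
// content or out of a quoted attribute value.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened: every user-supplied field is encoded when the page is built,
// so the browser renders the post as text instead of executing it.
function renderSafe(list) {
  return list
    .map((p) => `<li title="${escapeHtml(p.author)}">${escapeHtml(p.body)}</li>`)
    .join("\n");
}

console.log("unsafe:\n" + renderUnsafe(posts));
console.log("safe:\n" + renderSafe(posts));
```

Encoding at output time is the baseline defense; the example covers HTML element content and quoted attribute values only, not script or URL contexts.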
7.3.7 Drive-By Downloads
Many malware creators have hacked into legitimate Web sites and installed software
booby traps. In some cases, simply visiting a compromised Web site can result in the
unintentional downloading of software, called a drive-by download. Another kind of
drive-by download occurs when a Web surfer encounters a pop-up window asking
permission to download software. The user approves the download, thinking the code
is necessary to view the content on the Web site, but in actuality the download contains
malware.