Threat Research

The 'fast and the furious'… with the new netizen generation

By Martin Hoz | March 19, 2009

The title of this post could be a nickname for the new breed of Internet worms that attack our networks today. Every new big worm or virus finds a more clever way to disseminate faster than his predecessors. But also the payloads are potentially more destructive, innovating on that side too…

Does this have a direct relationship with faster computer power on the desktops and bigger bandwidth available? Of course! We are not reinventing the wheel, here. But there is another factor that is sometimes not taken into account: the growing population of non-technically savvy people accessing the Internet. People who unknowingly assist in the spread of malware.

I had my first Internet account around October 1993. Bandwidth was scarce, computing power was precious, but above all, you had to know your way to UUCODE binary files to ASCII files so they could be sent as e-mail attachment. Today you just click on it and voilá! It’s done. You had to know how to use an FTP client to download files, Archie to look for it; and you had to learn to use Veronica and Gopher to transfer documents.

Later when the Internet penetrated into business organizations there was some sort of policies and/or guidelines regulating the proper usage of the resources and also educating the personnel on what to be careful about, in order to keep business running smoothly (and even then, we had infections). And then we got Internet access at home, where you don’t have any kind of restrictions. For good and for bad..

People unaware of technical details trust what is published on a webpage not realizing it can be phishing. People not aware of technical details trust content sent (apparently) by a friend not realizing it can be a virus spreading or spam sent by somebody else. People love the Christmas tree program they got from a friend, not knowing it could be a malware program turning his or her PC into a zombie under the control of somebody else. People get an email promising $10 million from a seemingly important person in Africa or promising contact with an attractive person from the other side of the world, and when the offer looks good and legitimate, they tend to believe it without asking, “Is there a catch?”

Even worse, there are technically savvy people who sometimes do not take the appropriate steps to protect themselves. When I ask fellow computer professionals on technology forums if they take a look at their logs and if patch their home computers frequently, often the answer is no. they patch their business computer, but not the one at home. And only a few read logs…

Today we have both proactive and corrective technology to avoid and/or clean the majority of the technological damage that malware can produce. Speed is increasing to catch more (both in amount and coverage) malware in less time. But technology wouldn’t solve everything by itself, while we keep forgetting the human interaction.

All of us on the internet security industry are trying to do something about it. We need everybody in the Internet community to help realizing this. Just like in the case of global warming, one person can make a huge difference

Join the Discussion