Virus writers approach zero day exploits

Four days was all virus writers needed to take advantage of the latest Internet Explorer vulnerability. Mydoom AG, which sends links to a website unwittingly hosted by an infected PC, has capitalised on a weakness only announced on Friday.

The time it takes to exploit a flaw has been rapidly shortening, and analysts suggest the trend will continue until a zero day exploit occurs.

"This is one of the fastest we've seen yet. Blaster was produced in 18 days but four is very quick. I think we're approaching the final frontier now, the zero day exploit," said Mikko Hypponen, director of anti-virus research at F-Secure.

Hypponen suggested that the gap between announcement of the flaw and its exploitation is narrowing because of increased cooperation between those producing the viruses.

"Virus writers and old school hackers are increasingly working together. We see this a lot now," he said.

Mydoom AG turns each infected machine into a download server, a system similar to that which made the Blaster worm spread rapidly. Users of Windows XP SP2 will not be affected but Windows 2000 and XP SP1 are vulnerable and, as yet, patchless.

"I don't think Microsoft were aware of the problem and that's why there are no patches yet. It could be very serious for a company running Windows 2000, which a lot of them still do," Hypponen said.
