Web Application Worms - The Next Internet Infestation
by Caleb Sima - co-founder and CTO of SPI Dynamics - Monday, 7 November 2005.
As the Internet community is learning, Web application worms are not solely theoretical. In fact, the Santy worm and its variants emerged around the beginning of 2005. This worm used the popular search engine Google to find Web sites running phpBB and then used a known exploit in the Web application to propagate itself. Luckily, the worm, which was the first of its kind, did not cause too much damage because it had some fundamental problems:

1. The worm had a re-infection issue. Because it used Google to find vulnerable hosts and issued the same search query from each victim, it always received the same search results, so it kept returning to hosts it had already infected and could never propagate to many new ones.

2. It was dependent on Google for its victim list and used a very static query to retrieve the search results. Google was notified and corrected the issue, so the query the worm relied on was then denied.

Even with these very obvious defects in the nature of the worm, Santy still infected over 10,000 Web sites, defacing each of them.

Tackling the Potential Infestation of Web Application Worms

The solution to Web application worms, and to worms in general, is to fix the problem that the worm uses to propagate. Application firewalls and assessment tools can be a good start, but the real solution is to get the individuals who create software to consider security as a fundamental building block in developing software. Developers who design and build business-enabling applications generally are not security experts and therefore do not know how to avoid creating defects that are so easily exploited by hackers. These applications tend to be pushed into production with little or no security testing. Just as with the network layer, companies must now view the application layer as a potentially open portal to corporate assets and therefore need to implement the necessary security procedures across the application lifecycle to ensure that critical assets are secure from such new attacks as application worms. With more than one million new Web applications being launched each month and successful hacker attacks in the news each week, application security should no longer be an afterthought for any organization looking to remain viable.
