Peter Cochrane's Uncommon Sense: The ever-evolving virus

Our best defense: Build a 'killer bot'
The fight against viruses, worms, Trojan horses and other digital pests may seem futile. But Peter Cochrane has a plan for eradicating the latest computer security threat.

The computer virus is, it seems, as unstoppable as its biological forebears - and possesses the same appetite for evolution.

As the internet grows and our computers become more powerful, so do the viral attacks. It seems like only yesterday I surmised that the most successful form of artificial life we had yet encountered was indeed the computer virus, because of its ability to propagate, mutate and survive. But even more sophistication has quickly arrived in the worm, Trojan horse, spyware and spam - and there seems no end to the evolution of this modern curse to IT.

The bad news is: The next-generation threat is already here. It's a 'bot', or virus-like infection under the remote control of a distant computer, network or individual. This new threat exploits vulnerabilities in security subsystems and in some modes makes use of normally unused ports and channels, and can therefore move about on the net unnoticed and undetected. Yes, we now have thousands of bots trolling the internet, connected in a so-called 'botnet'. In an interesting twist, the latest evidence suggests that these new systems are gaining in intelligence and sophistication, and becoming ever more lifelike.

Unlike conventional viruses or worms, bots don't blindly roam the internet looking for victims. Instead they target and invade the most vulnerable hosts on a pre-organised hit list. Biological or what! Of course, such a wonderful technology has been picked up by spammers, who recruit botnets to send bulk email and create even more misery for millions of internet users.

Is there no end to this? It would appear not. As soon as we find a solution to defend ourselves against existing threats, they evolve like some nightmarish biological disease to rise again as a different variant to wreak even more havoc.

In the near future, we are most likely going to see denial-of-service attacks and other forms of disruption organised on a massive scale by robotic networks working in alliances to overcome individual websites and giant corporate networks alike.

Probably the worst feature of the new bots is the ability of the perpetrators to remotely modify and adapt their creation as it becomes less effective in the face of smarter defences. It is almost like having the hand of God remotely tweaking the genetic pool of a life form to speed up evolution. Rather than waiting for trial and error to show the route to even greater success or disruption, a combination of machine and human intelligence is being applied.

The good news, if you can call it that, is that bot technology is in its infancy and the number of reported infections to date is in the hundreds of thousands and not the hundreds of millions. This means we have a little time in hand to get protection measures in place. But my impression is that the industry is behind the game and we are currently very badly exposed. Given that any two computers on the net are separated by between four and five intermediary machines, it would only take a few hours for a major pandemic to build up in those machines and networks lacking adequate protection.

On my home and office networks I have firewalls and on each computer I have virus protection software. To date I have not had any serious problems, but I can always find at least six viral infections lurking in some corner of any one machine. In principle every email is scanned and any viral infection is dealt with immediately, but there is always a chance something will slip through. Using a non-standard operating system helps a lot, and certainly those machines that use standard systems are at considerably more risk and do suffer noticeably more contamination. All I can say is: Be careful, keep all your protection programs up to date, scan regularly, isolate and delete anything that looks suspicious and don't open any attachment from an unknown source or of an unrecognised designation.

In view of the billions of pounds being lost by commerce due to these mounting viral attacks, in all their varied and evolving forms, it seems to me that it's time to do something fairly drastic. In recent weeks, airline booking and check-in desks, hospitals, schools and companies have been IT-disabled for days by a single, badly written virus. To my mind it is time to derive and define a 'killer bot' capable of sniffing out and neutralising offending bots, viruses, worms, Trojan horses, spyware and spam programs.

How hard could it be? Not very, for sure, and if done in league with the network, equipment and software suppliers, the global communications reaction would be near instantaneous. It is probably the only way we are going to see a viable internet in future, and given the huge resources of industry compared to the evildoers, it should present an insignificant problem. Doing nothing really is no longer an option - the longer we wait the worse it will get, and the bigger the risk involved.

To check out the efficacy of such an approach, I recently took action against a persistent nuisance that was causing me and my network some grief. Ultimately I resorted to mirroring this nuisance, and magically it went away. It appears it didn't like its own medicine!

Drafted at my home late one evening after a routine scan of my machines and the surprise discovery of five unknown, but isolated, virus attachments in deleted emails. Dispatched to from the Ipswich to London train via a 9.6Kbps GSM connection.


Peter Cochrane is an engineer, scientist, entrepreneur, futurist and consultant. He is the former CTO and head of research at BT, with a career in telecoms and IT spanning more than 40 years.


