The Latest in Internet Attacks: Web Application Worms
Kamal contributes this recently posted article, which describes how web application worms may be a nefarious subject we'll see more of in the future. We've posted about this on wormblog before (see Web Application Worms: Myth or Reality? and Anatomy of the web application worm, both posted within the past few months).
By taking a look at how Web application worms work, it is apparent that these Internet attacks have similar problems with widespread success as seen with traditional network worms, but to a lesser extent. For instance, the ability to identify targets for attacks becomes a much easier game. No longer do Internet worms have to guess at which targets to hit. Search engines create this list for them and even narrow it down to the most vulnerable targets. The most dangerous part of Web application worms’ Internet attacks is that most of the application-level issues they aim to exploit are development errors within the application code and are not simply corrected by installing a patch.
Source: The Latest in Internet Attacks: Web Application Worms, Caleb Sima, posted to Security Park on September 7, 2005.
My take on the article is not very favorable. It seems to me that Mr. Sima's marketing piece is nothing more than a promotion of solutions from his company. The statement from the above quote, that application worms are a threat because "the application-level issues they aim to exploit are development errors within the application code and are not simply corrected by installing a patch", is patently wrong. Plenty of web application errors, such as file upload errors, cross-site scripting, and SQL injection issues, are fixed by issuing patches. The Santy worm, which the article focuses on as a great example of a web application worm, was unable to spread to hosts that had been patched. I suppose the take-home message Mr. Sima is shooting for is for us to think that his company's proprietary solution is the only remedy in the face of patches that don't work.
September 9, 2005 in editorial, media, new trends