Foreword: Sockets, Shellcode, Porting, & Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals

Foreword by Stuart McClure

Zero Day to Doomsday?

The security industry has evolved dramatically since the early days of computing. The viruses, worms, and malware of the early years have been dwarfed by today's threats. And as it continues to evolve, the industry faces a pivotal turning point. Will this ever-increasing sophistication (the very sophistication that we as an industry have been forced to create) jeopardize our society, culture, and markets?

Take a look at the data. If you research how long it took vulnerabilities to turn into worms in 1999, and compare this data with today's number, you'd find that a self-propagating worm is crafted 20 times faster today than in 1999: from 280 days in 1999 to four days in 2004. These worms are easily crafted and indiscriminately launched today, and the knowledge needed to accomplish these attacks is diminishing to near zero. What this means is that more hackers are writing more attacks in a shorter time period than ever before.

Our first taste of these new, more sophisticated worms came in the late '90s with worms like "sadmind." This worm started out by attacking the RPC service native to the Solaris operating system, sadmind. Once it had compromised a system, the worm moved from Sun Solaris systems to Windows boxes, hacking them up in turn. We've also seen worms that have used multiple attack vectors, taking advantage of multiple techniques of attack on different services. And we've seen worms that have morphed themselves, making it incredibly difficult to detect and prevent them. These blended threats are what await us, but not as individual worms. Tomorrow's worms will combine all these aspects (multiplatform, multiapplication, and multivector) to produce a zero-day worm that has no fix and few mitigating steps.

And what kind of damage could these worms really do? They could affect anything and everything. Much of our markets, infrastructure, and banking is computerized and interconnected. Ask yourself what would happen if you couldn't get to your money at your bank or broker for a month, or if you couldn't cross railroad tracks or street lights without worrying about an oncoming car seeing the same green light as you. Think this stuff is made for fiction novels? Think again.

Take the recent Banker.J worm. When executed, this worm infects the system in much the same way as prior worms have, but it differs in one significant way: it belongs to the first series of worms that take advantage of phishing techniques. A phishing attack is one that tries to steal your bank's username and password by redirecting you to log in to the attacker's posed Web site. When you enter your username and password on the phishers' Web site, they use them to log in to your bank themselves, set up a payee in online billpay, and then write themselves a check. But instead of redirecting the user to an alternative site, the worm simply displays the same Web page on the infected system, making the user believe that he is really going to his bank's Web site. Hear that flushing sound coming from your bank?

So who are these people, and why do they do this? Most of them are unsophisticated wannabes who are driven by ego and a sense of superiority. Others are fueled by money and organized crime. But regardless of the motivation and the reason for phishers' attacks, you must educate yourself and affect the source of the problem. Vulnerabilities exist in every product or process made, and until they are managed and mitigated, attackers will forever exploit them. There is no silver bullet, no magic dust to throw at the problem. And no single product or service or training will ever give you all the tools you need to fight this menace.

Just like a soldier on the battlefield, you need everything you can get your hands on. This book is your ammunition, and it should be required reading for the security soldiers among you who won't allow themselves to be yet another victim. Read every page, understand the content, and leverage it for good. Don't let this excellent piece of work slip through your academic fingers. Hack safely.
