The Anatomy of Malice

This press release is copyrighted by The Institute of Electrical and Electronics Engineers, Inc. (IEEE). Its use is granted only to journalists and news media. Embargo date: 26 October 2001, 5:00 p.m. ET.

Nearly every week brings news of some new threat to the world's information infrastructure. In a disturbing trend, computer viruses and worms are being used by remote intruders to gain access to a network or to pressgang computers into an infowar against some hapless target.

The November issue of IEEE Spectrum looks under the surface of the bewildering array of malicious programs to pull out the common threads by which computer systems become compromised. Only by understanding these underlying similarities can users, system administrators, and managers create defenses and prepare against future attacks in a way that balances security, cost, productivity, and user-friendliness.

Examining in detail the Melissa virus, Spectrum shows how it, and the other e-mail viruses like 'I LOVE YOU,' were able to overwhelm corporate mail servers in just a few hours. Also analyzed is how hidden weaknesses in legitimate, but poor quality, software open the door to infection by computer worms like Code Red and Nimda.

Spectrum makes the case that the best defense for our global information infrastructure may be an awareness that no silver bullet exists. Instead, some rational business decisions about how to formulate and implement security policies must be made, and there must be a greater insistence by organizations on higher quality products from software manufacturers.

Contact: Stephen Cass, 212 419 7754, [email protected].For faxed copies of the complete article ["The Anatomy of Malice" by Stephen Cass, Associate Editor, IEEE Spectrum, November 2001, pp. 56-60] or to arrange an interview, contact: Nancy T. Hantman, 212 419 7561, [email protected].

###