Investigations into megavirus threat
8th January 2003 (The Star)
By STEVEN PATRICK

PETALING JAYA: The Federal Commercial Crimes division said it is aware of the purportedly "Malaysian" virus writer who has threatened to unleash a "megavirus" if the United States attacks Iraq.

A source in the division said they are working on an official response to In.Tech enquiries but did not specify when a statement would be made.

The source said that the division was looking into it and "action is being taken."

The National ICT Security and Emergency Response Centre (Niser) also said it was aware of the threat and that it was currently being investigated by the relevant authorities.

The threat first surfaced in the US-based trade publication Computerworld last November. In an interview, a person who identified himself as "Vladimor Chamlkovic" claimed he had written a worm -- codenamed Scezda -- that incorporated the destructive features of the Sircam, Klez and Nimda worms (see In.Tech on Tuesday).

Security experts are not unduly concerned, however, noting that Chamlkovic -- who goes by the handle "Melhacker" -- has a poor track record in developing viruses.

Antivirus company Symantec Corp describes his worms as having a low geographical distribution and as being easy to contain and remove.

Experts are not ruling out the possibility that Chamlkovic is nothing more than an attention seeker. He maintains a website, Melhacker Inc, in English and Bahasa Malaysia, although only the latter is accessible.

Chamlkovic told Computerworld that he has close ties with Malaysian hackers.

The Bahasa Malaysia website is hosted by web service provider Netlux, believed to be Ukraine-based.

The threat of a megavirus

Should the claim of a Chamlkovic megavirus be true, the unholy alliance of Sircam, Klez and Nimda worms would be a force to be reckoned with.

In the past, mixed threats like Code Red, Sircam and Nimda have combined the features of viruses, worms and Trojans. Code Red and Nimda caused US$2.6bil (RM9.9bil) and US$530mil (RM1.9bil) worth of damage worldwide in August 2001 and September 2001 respectively.

Nimda alone infected 2.2 million systems in 24 hours, according to a report by Computer Economics. Nimda had more than 20 forms of attack, including the ability to exploit vulnerabilities in various computer programs.

Another menacing virus emerged in 2002 -- the Klez.H variant, regarded as a persistent e-mail worm. Klez has the ability to "spoof" e-mail addresses, sending out infected mail under names that it grabs from a victim's address book while the true source of infection often cannot be traced.

Multiple methods of transmission mean that the usual safeguards against mass-mailing viruses, such as not opening suspicious e-mail attachments, may not apply.

Symantec Australia Pty Ltd (www.symantec.com) told In.Tech in a previous interview that more computer viruses are now capable of multiple forms of attack, and that a single form of protection is no longer enough for corporate computer systems.

Symantec's Asia Pacific group manager Leigh Costin classified this as a "blended threat" because damage is caused by blending more than one method of attack into a single virus.

For companies, he said, a firewall alone is not enough to stop viruses at the doorstep and must be coupled with antivirus and intrusion detection systems. Various other forms of protection must be placed on web servers, mail servers and workstations, he added.

Even home users who connect to the Internet often should equip themselves with firewalls and intrusion detection systems because an antivirus program alone is not good enough, Costin said.