New tool puts lid on worms

Silicon Defense's CounterMalice launched as Lovegate worm emerges

Cybersecurity company Silicon Defense has unveiled a new system aimed at stopping the spread of computer worms across organizations' internal networks.

With CounterMalice, information technology administrators can divide their organization's network into cells and prevent worms from spreading from one cell to the next, said Stuart Staniford, Silicon Defense's president.

"If you have a distributed organization with many offices, each office might be a cell. You can put CounterMalice at the entry point to each cell," he said.

As a network-based system, CounterMalice performs traffic analysis, identifying signs of worm-spread patterns. It can then automatically block the worm by stopping an infected host system from communicating with its intended target. Computer worms are programs that rapidly self-propagate by exploiting security flaws in widely used applications and services.

The tool is hitting the streets just as a new computer worm, Lovegate, spreads across the Internet. It was discovered Feb. 23 and has been found worldwide, most notably in the United Kingdom, Germany, throughout Europe and in Asia.

Lovegate operates by replying to messages in a Microsoft Corp. Outlook or Outlook Express user's e-mail inbox. In addition, this worm has a backdoor Trojan component that could enable the attacker to gain remote access into infected systems, according to officials with Network Associates Inc.'s Antivirus Emergency Response Team (AVERT). AVERT has categorized the worm as a medium risk.

"Worms can spread so fast and use a variety of methods to tunnel into a company. Our starting position is that you can't close down the network completely. You have to try to contain the initial infection," Staniford said.

Silicon Defense "is addressing a pain point that is important," said Pete Lindstrom, research director at consulting firm Spire Security LLC. However, the product requires "a leap of faith" because its true effectiveness can only be determined during a worm outbreak. But the leap is not a sharp one because the "Silicon folks know their stuff," he added.

Silicon Defense began by doing research in Internet security for the Defense Advanced Research Projects Agency in 1988.

Lindstrom advises that IT administrators who are considering deploying CounterMalice should make sure their network is compartmentalized correctly. If an organization has a geographically dispersed network with links to other offices, an obvious area to place the system would be on links to virtual private networks or leased line connections, he said.

Pricing for CounterMalice starts at $25,000.
