The latest superworm malware, reported just this morning by The Register, threatens Mac OS, Windows, and VMware. It appears to have been discussed by both Symantec and Kaspersky Labs a month ago, but their reports focused on its Mac attack capabilities.
Are we entering a new age of superworms? Stuxnet and Flame, for example -- the exploits apparently sponsored by the US government, which were discovered when they escaped into the wild -- have been characterized as sophisticated varieties of worm malware. It's too early to speculate who might be responsible for the latest threat. They're calling it "Crisis."
The two distinguishing characteristics of "worm" malware are that it's an independent program (viruses infect existing programs) and that it can replicate to spread itself through networks and from device to device. The definition of a "superworm" is less clear, but superworms have been around a long time. Some analysts simply characterize them as worms that can patiently lie dormant, without causing damage or being discovered. Some superworms morph rapidly, making them hard to combat using AV software. Some report to botnets rather than a single server, making them harder to disable.
This latest lovely specimen, Crisis, presents itself as a Java flash player applet. Ingeniously, once opened, it can identify its host platform and execute the appropriate file to attack the specific OS. It then installs spyware and opens a backdoor, so that its operators have free access to the network. It's believed to be able to spread from Windows to VMware and Windows-powered mobile devices, including smartphones.
Well might you shudder.
Is this another government-sponsored exploit, or is there a cybercrime objective (assuming they're different things)? Kaspersky Labs, of course, was at the forefront in uncovering Stuxnet and Flame, but this superworm seems to have become known to the security community at large at around the same time.
Also, why is it only now receiving wider publicity outside specialist security blogs? The first superworm capable of spreading to virtual machines is surely worth attention, but have relatively few users been affected?
As usual, questions outnumber answers, but we'll be keeping an eye on Crisis. Oh, and watching out for suspicious Java applets, too.
— Kim Davis, Community Editor, Internet Evolution