Hackfest reveals worms getting smarter

This week hackers and security professionals mix amicably on neutral ground as Las Vegas, the city of fear and loathing, plays host to the annual Def Con and Black Hat conferences.

It's where security watchers from both sides of the fence swap cutting edge techniques on making and breaking security in the future.

A hot topic at the Black Hat conference was worms. According to Crimelabs Security Group, worm creators are getting smarter and coding techniques becoming more complex.

Future worms will thrive on subtlety and disguise, making it harder to detect and stop them.

They will be able to automatically update components on the fly, effectively morphing them into a different virus.

Crimelabs worm researcher Jose Nazario expects them to be able to use a number of different network protocols and stronger encryption capabilities, allowing them to communicate with a controlling machine.

Nazario reckons worms will be broken up into components that can be mixed and matched depending on the worm's mission.

Coupled with dynamic updating facilities, future worms will be able to change their toolkit to suit the job in hand, be it total destruction or taking control of a machine.

The most worrying claim made by Nazario is that traditional virus fighting techniques will no longer work on dynamic worms.

Today, once it is understood how a worm works, we can assume it works the same on all systems.

Dynamic worms would require in-depth analysis to determine what type of scans or attack types are being carried out by which worm.

Simply keeping antivirus software up to date won't work. Instead, anomaly detection, agent-based intrusion detection systems and fooling worms into updating components with malicious code, or "poison" updates, will become the new tools of the antivirus teams.