New tool puts lid on worms

Cybersecurity company Silicon Defense has unveiled a new system aimed at stopping the spread of computer worms across organizations' internal networks.

With CounterMalice, information technology administrators can divide their organization's network into cells and prevent worms from spreading from one cell to the next, said Stuart Staniford, Silicon Defense's president.

"If you have a distributed organization with many offices, each office might be a cell. You can put CounterMalice at the entry point to each cell," he said.

As a network-based system, CounterMalice performs traffic analysis, identifying signs of worm-spread patterns. It can then automatically block the worm by stopping an infected host system from communicating with its intended target. Computer worms are programs that rapidly self-propagate by exploiting security flaws in widely used applications and services.

The tool is hitting the streets just as a new computer worm, Lovegate, spreads across the Internet. It was discovered Feb. 23 and has been found worldwide, most notably in the United Kingdom, Germany, throughout Europe and in Asia.

Lovegate operates by replying to messages in a Microsoft Corp. Outlook or Outlook Express user's e-mail inbox. In addition, this worm has a backdoor Trojan component that could enable the attacker to gain remote access to infected systems, according to officials with Network Associates Inc.'s Antivirus Emergency Response Team (AVERT). AVERT has categorized the worm as a medium risk.

"Worms can spread so fast and use a variety of methods to tunnel into a company. Our starting position is that you can't close down the network completely. You have to try to contain the initial infection," Staniford said.

Silicon Defense "is addressing a pain point that is important," said Pete Lindstrom, research director at consulting firm Spire Security LLC. However, the product requires "a leap of faith" because its true effectiveness can only be determined during a worm outbreak. But the leap is not a sharp one because the "Silicon folks know their stuff," he added.

Silicon Defense began by doing research in Internet security for the Defense Advanced Research Projects Agency in 1988.

Lindstrom advises that IT administrators who are considering deploying CounterMalice should make sure their network is compartmentalized correctly. If an organization has a geographically dispersed network with links to other offices, an obvious area to place the system would be on links to virtual private networks or leased line connections, he said.

Pricing for CounterMalice starts at $25,000.
