Viruses and Worms, Protection from Disaster
Virus damage estimated at $55 billion in 2003. "SINGAPORE - Trend Micro Inc, the world's third-largest anti-virus software maker, said Friday that computer virus attacks cost global businesses an estimated $55 billion in damages in 2003, a sum that would rise this year. Companies lost roughly $20 billion to $30 billion in 2002 from the virus attacks, up from about $13 billion in 2001, according to various industry estimates." This was the story across thousands of news agencies desk January 2004. Out of $55 billion, how much did it cost your company? How much did it cost someone you know?
I. The Why
People make viruses for various reasons. These reasons range from political to financial to notoriety to hacking tools to plain malicious intent.
Political: Mydoom is a good example of a virus that was spread with a political agenda. The two targets of this virus were Microsoft and The SCO Group. The SCO Group claims that they own a large portion of the Linux source code threatened to sue everyone using Linux operating systems (with "stolen" programming source). The virus was very effective knocking down SCO's website. However, Microsoft had enough time to prepare for the second attack and efficiently sidestepped disaster.
Financial: Some virus writers are hired by other parties to either leach financial data from a competitor or make the competitor look bad in the public eye. Industrial espionage is a high risk/high payout field that can land a person in prison for life.
Notoriety: There are some that write viruses for the sole purpose of getting their name out. This is great when the virus writers are script kiddies because this helps the authorities track them down. There are several famous viruses that have the author's email in the source code or open script
Hacking Hackers sometimes write controlled viruses to assist in the access of a remote computer. They will add a payload to the virus such as a Trojan horse to allow easy access into the victims system.
Malious: These are the people that are the most dangerous. These are the blackhat hackers that code viruses for the sole intention of destroying networks and systems without prejudice. They get high on seeing the utter destruction of their creation, and are very rarely script kiddies.
Many of the viruses that are written and released are viruses altered by script kiddies. These viruses are known as generations of the original virus and are very rarely altered enough to be noticeable from the original. This stems back to the fact that script kiddies do not understand what the original code does and only alters what they recognize (file extension or victim's website). This lack of knowledge makes script kiddies very dangerous.
II. The How
Viruses are programs that need to be activated or run before they are dangerous or spread. The computer system only becomes infected once the program is run and the payload has bee deployed. This is why Hackers and Crackers try to crash or restart a computer system once they copy a virus onto it.
There are four ways a virus can spread:
Spreading through Email
Spreading through Network
Spreading through manual installation
Spreading through boot sectors
III. Minimizing the effect of viruses and worms
Email ClientsDo not open emails from unknown sources. If you have a website for e-commerce transactions or to act as a virtual business card, make sure that the emails come up with a preset subject. If the emails are being sent through server side design instead of the users email client, specify whom it is coming from so you know what emails to trust. Use common sense when looking at your email. If you see a strange email with an attachment, do not open it until you verify whom it came from. This is how most MM worms spread.
Disable preview panes in email clients. Email clients such as Outlook and Outlook Express have a feature that will allow you to preview the message when the email is highlighted. This is a Major security flaw and will instantly unleash a virus if the email is infected.
It is also a good idea to turn off the feature that enables the client to view HTML formatted emails. Most of these viruses and worms pass by using the html function "< i f r a m e s r c >" and run the attached file within the email header.
We will take a quick look at an email with the subject header of "You're now infected" that will open a file called readme.exe.
"Subject: You're now infected MIME-Version: 1.0Content-Type: multipart/related;
boundary="====_ABC1234567890DEF_===="X-Priority: 3X-MSMail-Priority: NormalX-Unsent: 1To: undisclosed-recipients:;
boundary="====_ABC0987654321DEF_====" *** (This calls the iframe)
< H T M L > < H E A D > < / H E A D > < B O D Y b g C o l o r = 3 D # f f f f f f > < i f r a m e s r c = 3 D c i d : EA4DMGBP9p height=3D0 width=3D0> *** (This calls readme.exe)< / i f r a m e > < / B O D Y > < / H T M L >
name="readme.exe" *** (This is the virus/worm)Content-Transfer-Encoding: base64Content-ID: *** (Notice the < i f r a m e s r c = ? >)
*** Broken to protect the innocent. (Worm is encoded in Base64)
Email ServersThe first step to minimizing the effect of viruses is to use an email server that filters incoming emails using antivirus software. If the server is kept up to date, it will catch the majority of Mass Mailer (MM) worms. Ask your Internet Service Provider (ISP) if they offer antivirus protection and spam filtering on their email servers. This service is invaluable and should always be included as the first line of defense.
Many companies house an internal email server that downloads all of the email from several external email accounts and then runs an internal virus filter. Combining an internal email server with the ISP protection is a perfect for a company with an IT staff. This option adds an extra layer of control, but also adds more administration time.Sample specs for an internal email server are:
Software UpdatesKeep you software up to date. Some worms and viruses replicate through vulnerabilities in services and software on the target system. Code red is a classic example. In august 2001, the worm used a known buffer overflow vulnerability in Microsoft's IIS 4.0 and 5.0 contained in the Idq.dll file. This would allow an attacker to run any program they wanted to on the affected system. Another famous worm called Slammer targeted Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000.
When updating your software, make sure to disable features and services that are not needed. Some versions of WinNT had a web server called IIS installed by default. If you do not need the service, make sure it is turned off (Code red is a perfect example). By only enabling services you need, you decrease the risk of attack.
Telecommunications SecurityInstall a firewall on the network. A firewall is a device or software that blocks unwanted traffic from going to or from the internal network. This gives you control of the traffic coming in and going out of your network. At minimum, block ports 135,137,139,445. This stops most network aware viruses and worms from spreading from the Internet. However, it is good practice to block all traffic unless specifically needed.
Security PoliciesImplementing security policies that cover items such as acceptable use, email retention, and remote access can go a long way to protecting your information infrastructure. With the addition of annual training, employees will be informed enough to help keep the data reliable instead of hinder it. Every individual that has access to your network or data needs to follow these rules. It only takes one incident to compromise the system. Only install proven and scanned software on the system. The most damaging viruses come from installing or even inserting a contaminated disk. Boot sector viruses can be some of the hardest malware to defeat. Simply inserting a floppy disk with a boot sector virus can immediately transfer the virus to the hard drive.
When surfing the Internet, do not download untrusted files. Many websites will install Spyware, Adware, Parasites, or Trojans in the name of "Marketing" on unsuspecting victims computers. Many prey on users that do not read popup windows or download freeware or shareware software. Some sites even use code to take advantage of vulnerability in Internet explorer to automatically download and run unauthorized software without giving you a choice.
Do not install or use P2P programs like Kazaa, Morpheus, or Limewire. These programs install server software on your system; essentially back dooring your system. There are also thousands of infected files floating on those networks that will activate when downloaded.
Backups & Disaster Recovery PlanningKeep daily backups offsite. These can be in the form of tape, CD-R, DVD-R, removable hard drives, or even secure file transfers. If data becomes damaged, you would be able to restore from the last known good backup. The most important step while following a backup procedure is to verify that the backup was a success. Too many people just assume that the backup is working only to find out that the drive or media was bad sixmonths earlier when they were infected by a virus or lost a hard drive. If the data that you are trying to archive is less then five gig, DVD-R drives are a great solution. Both the drives and disks have come down in price and are now a viable option. This is also one of the fastest backup methods to process and verify. For larger backups, tape drives and removable hard drives are the best option. If you choose this method, you will need to rotate the backup with five or seven different media (tapes, CD/DVD, removable drives) to get the most out of the process. It is also suggested to take a "master" backup out of the rotation on a scheduled basis and archive offsite in a fireproof safe. This protects the data from fire, flood, and theft.
In the Internet age, understanding that you have to maintain these processes will help you become successful when preventing damage and minimizes the time, costs, and liabilities involved during the disaster recovery phase if you are affected.
Virus ResourcesF-PROT: http://www.f-prot.com/virusinfo/McAfee : http://vil.nai.com/vil/default.aspSymantec Norton: http://www.symantec.com/avcenter/Trend Micro: http://www.trendmicro.com/vinfo/NIST GOV: http://csrc.nist.gov/virus/
Free softwareAVG Anti-Virus - http://free.grisoft.com FreeF-Prot - http://www.f-prot.com Free for home users
Free online Virus scanBitDefender - http://www.bitdefender.com/scanHouseCall - http://housecall.trendmicro.comMcAffe - http://us.mcafee.com/root/mfsPanda ActiveScan - http://www.pandasoftware.es/activescan/activescan-com.aspRAV Antivirus - http://www.ravantivirus.com/scan
Free online Trojan scanTrojanScan - http://www.windowsecurity.com/trojanscan/
Free online Security scanSymanted Security Check - http://security.symantec.com/sscv6Test my Firewall - http://www.testmyfirewall.com/
More Security ResourcesForum of Incident Response and Security Teams: http://www.first.org/Microsoft: http://www.microsoft.com/technet/security/current.aspxSANS Institute: http://www.sans.org/resources/Webopedia: http://www.pcwebopedia.com/Definitions
Adware: *A form of spyware that collects information about the user in order to display advertisements in the Web browser based on the information it collects from the user's browsing patterns.
Software that is given to the user with advertisements already embedded in the application
Malware: *Short for malicious software, software designed specifically to damage or disrupt a system, such as a virus or a Trojan horse.
Script Kiddie: *A person, normally someone who is not technologically sophisticated, who randomly seeks out a specific weakness over the Internet in order to gain root access to a system without really understanding what it is s/he is exploiting because the weakness was discovered by someone else. A script kiddie is not looking to target specific information or a specific company but rather uses knowledge of a vulnerability to scan the entire Internet for a victim that possesses that vulnerability.
Spyware: *Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.
Spyware is similar to a Trojan horse in that users unwittingly install the product when they install something else. A common way to become a victim of spyware is to download certain peer-to-peer file swapping products that are available today.
Aside from the questions of ethics and privacy, spyware steals from the user by using the computer's memory resources and also by eating bandwidth as it sends information back to the spyware's home base via the user's Internet connection. Because spyware is using memory and system resources, the applications running in the background can lead to system crashes or general system instability.
Because spyware exists as independent executable programs, they have the ability to monitor keystrokes, scan files on the hard drive, snoop other applications, such as chat programs or word processors, install other spyware programs, read cookies, change the default home page on the Web browser, consistently relaying this information back to the spyware author who will either use it for advertising/marketing purposes or sell the information to another party.Licensing agreements that accompany software downloads sometimes warn the user that a spyware program will be installed along with the requested software, but the licensing agreements may not always be read completely because the notice of a spyware installation is often couched in obtuse, hard-to-read legal disclaimers.
Trojan: *A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.
The term comes from a story in Homer's Iliad, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy.
Virus: *A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are man made. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.
Since 1987, when a virus infected ARPANET, a large network used by the Defense Department and many universities, many antivirus programs have become available. These programs periodically check your computer system for the best-known types of viruses.
Some people distinguish between general viruses and worms. A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs.
Worm: *A program or algorithm that replicates itself over a computer network and usually performs malicious actions, such as using up the computer's resources and possibly shutting the system down.
* Definitions provided by Webopedia
A special thanks goes out to the CISSP community, various Chief Information Security Officer (CISO)s, and to those in the Risk assessment specialty of Information Systems Security for their help in proof reading and suggestions.
Jeremy Martin CISSP,CHS-III,CEH
Spy Scanners ? Don?t Compromise your Privacy
Spies, spyware, internet parasites are among what they are usually called. These are scouts that monitor your web activities. The work undercover to check on your surfing patterns, spending habits, items bought, they extract email addresses, hijack browsers, steal credit card information. These are just some of the things a spyware is capable of.
7 Ways to Spot a PayPal Scam E-Mail
Paypal is a great site and is used by many to send and receive money. Unfortunately some dishonest people are using the Popularity of Paypal to line their own pockets with gold at the expense of unsuspecting Pay Pal members. These paypal Scam Artists will try to get your Paypal ID and password so they can Login then Clean out your Paypal Account of all funds. Paypal is fully aware of this problem and is doing everything possible to stop this. Unfortunately if someone logs into an account with a valid Id and Password it is very hard for Paypal or any other secure site for that matter to stop it. As a Consumer you need to be educated so you can protect yourself.
Is Your Email Private? Part 1 of 3
In a word, no - an email message has always been nothing more than a simple text message sent unencrypted to a recipient we choose. So all the email that we so blithely send all over the Internet everyday is neither private nor secure. Every birthday greeting or Dear John email, every complaint, rant or verbal purge we may have sent to our employers, credit companies, congressman or customer service rep is subject to delivery errors or outright interception.
Protect Your Little Black Book
The movie Little Black Book features a young woman, Stacy, who is frustrated when her boyfriend refuses to share information about his past relationships. When his PDA, a Palm Tungsten C, falls into her hands, she is faced with a conundrum. Does she give it back, or does she explore it? If she gave it back, we wouldn't have a movie, now would we? Stacy then proceeds to identify his ex-girlfriends and contact them. Let the games begin.
Temporary Internet Files - the Good, the Bad, and the Ugly
A little bit of time invested into learning about internet security can go a long way in preventing mishaps on your computer. Temporary internet files are not something we should be afraid of, but we should certainly be careful in how much we trust them and how we deal with them.
How To Cover Your Tracks On The Internet
Every single time you access a website, you leave tracks. Tracks that others can access. If you don't like the idea, find out what software can help you cover them.
Online Cell Phone Scams and Spam
They're out there. Individuals trying to make a quick buck at your expense. You labour hours on end to produce quality content on your website only to get repetitive requests for huge numbers of product or promises for the greatest deals online. As a webmaster for a cell phone and PDA site, I've had my share of spam and scams come through, mostly via email, some posted on my forum. The purpose of this article is to provide a few methods of detecting spam and scams, and provide a few examples as well. Take a look over and protect yourself from online cellular fraud.
Steganography ? The Art Of Deception & Concealment
The Message Must Get Through-----------------------------The year is 300A.D., and you're part of a war machine unlike anything the world has ever seen. You are a field General for the Roman Empire and charged with assimilating yet another non-Roman culture. Your current mission; get tactical information you've collected in the field to an outpost one hundred miles away. The land between you and the outpost is treacherous and filled with enemy. The information you've collected is critical to the success of the current campaign and must reach the remote outpost intact. This will call for ingenious deception.
What to Look for before You Purchase Spyware Software
Huge number of spyware software applications are available in the market, some being offered as shareware while rest as freeware. (Shareware means a software available for download / CD, and can be used for a particular length of time, usually 30 days. Some are disabled as well). Before making a decision to purchase any such software we should check the reliability and should consider various attributes possessed by them and then select the best and the most appropriate one. The various attributes that one should consider to be the most important when purchasing spyware detection and removal software are -
Is Spyware Watching You?
Imagine my surprise when I received a phone call from afriend who told me he'd been the victim of a "spyware"attack that left him shaking at his loss of privacy.
Free Antivirus Security Software: Download Now to Eliminate Spyware, Pop Up Ads, etc.
Adware. Spyware. Pesky pop up ads. Internet congestion. Computer malfunctions of every kind. Obviously, you're infected!
How to Know Whether an Email is a Fake or Not
A few nights ago I received an email from "2CO" asking me to update my personal data. The sender did not forget to insert a link to log in, too.
Dialing Up a Scam: Avoiding the Auto-Dialer Virus
For many, the daily walk to the mailbox evokes mixed feelings: The glee that your favorite monthly magazine ? or a friend's hand-written letter (quite a surprise in the e-mail age) may be waiting is countered by anxiety of how many bills the postman left you.
Hacking the Body Via PDA Wireless Device
First I would like to stress I am condoning the art of hacking. Nor am I condoning the control and manipulation of the human race by way of frequencies interacting with the biological systems, which run the human body. We all know that the brain runs on chemicals and waves. We know from medicines, vitamins, alcohol, drugs and food intake that we can alter those chemicals. And most of us understand that brain waves are about allow for the process of cognition. The computers we use also run on frequencies which are use to hearing about for instance Pentium Chips running 1.2 GigaHertz. Cell phones run 800 MHz approximately. Also the power supply in a computer runs on a certain cycle creating another set of waves.
Before you enter your name, address or any other data in that form, STOP! Wait. Don't enter anything yet. If you do, you may be giving away personal information to strangers, and you know what your mom said about talking to strangers.
Is Shopping Online For Your Horse Gifts Safe?
Shopping for horse gifts or other gift items on the internetis quick, convenient and is probably safer than you think.However, you still need to be aware that it is essential tovigorously protect your privacy and financial informationwhen making purchases online.
The Saga of the Annoying Adware
When we think of adware, what comes to mind are those annoying and pesky ads that pop up out of nowhere whenever we are surfing the net. Anybody who has surfed through the net has encountered those irritating pop-up adwares advertising everything from computer software down to Viagra. Adwares are some of the most derided objects in the web alongside viruses, spyware and other malicious softwares and programs. Although adwares are alleged to be the most benign form of spyware, most web users hate the blatant and bothersome way of advertising. Most are often tricked into clicking on such adwares and end up unintentionally downloading something far more serious.
If You Sell Anything Online Your ePockets Are Being Picked
You and I are a lot alike. We are both software publishers and eBook authors getting hosed on a regular basis. You and I, my friend, are victims of software piracy that accounted for over $24 BILLION dollars in lost revenue over the last two years*. There are so many ways people can get your product for free these days. If we continue doing nothing we will lose even more money this year as potential customers become more and more aware of just how easy it is to obtain digital products without paying for them.
5 Tips For An Unbreakable Password
Despite the current wave of identity theft and corporate security breaches it's amazing how very few people treat their passwords with any level of seriousness. Most computers users, both at home and in the office, see passwords as a nuisance and therefore make them as easy to remember as possible. This can be a catastrophic mistake.
Securing Your Accounts With Well-Crafted Passwords
In the past I've never really paid much attention to security issues when it comes to user names and passwords. Frankly I figured it was all a lot of overblown hype. This led to an unfortunate incident that involved my website being attacked, apparently by a skillful youth with a propensity for mischief.
|© Athifea Distribution LLC - 2013|