Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/a26f9f83/public_html/articles/includes/config.php on line 159
Viruses and Worms, Protection from Disaster > NetSparsh - Viral Content you Love & Share

Viruses and Worms, Protection from Disaster

Virus damage estimated at $55 billion in 2003. "SINGAPORE - Trend Micro Inc, the world's third-largest anti-virus software maker, said Friday that computer virus attacks cost global businesses an estimated $55 billion in damages in 2003, a sum that would rise this year. Companies lost roughly $20 billion to $30 billion in 2002 from the virus attacks, up from about $13 billion in 2001, according to various industry estimates." This was the story across thousands of news agencies desk January 2004. Out of $55 billion, how much did it cost your company? How much did it cost someone you know?

I. The Why
There is an average of 10-20 viruses released every day. Very few of these viruses actually make ?Wild? stage. Viruses are designed to take advantage of security flaws in software or operating systems. These flaws can be as blatant as Microsoft Windows NetBIOS shares to exploits using buffer overflows. Buffer overflows happen when an attacker sends responses to a program longer then what is expected. If the victim software is not designed well, then the attacker can overwrite the memory allocated to the software and execute malicious code.

People make viruses for various reasons. These reasons range from political to financial to notoriety to hacking tools to plain malicious intent.

Political: Mydoom is a good example of a virus that was spread with a political agenda. The two targets of this virus were Microsoft and The SCO Group. The SCO Group claims that they own a large portion of the Linux source code threatened to sue everyone using Linux operating systems (with "stolen" programming source). The virus was very effective knocking down SCO's website. However, Microsoft had enough time to prepare for the second attack and efficiently sidestepped disaster.

Financial: Some virus writers are hired by other parties to either leach financial data from a competitor or make the competitor look bad in the public eye. Industrial espionage is a high risk/high payout field that can land a person in prison for life.

Notoriety: There are some that write viruses for the sole purpose of getting their name out. This is great when the virus writers are script kiddies because this helps the authorities track them down. There are several famous viruses that have the author's email in the source code or open script

Hacking Hackers sometimes write controlled viruses to assist in the access of a remote computer. They will add a payload to the virus such as a Trojan horse to allow easy access into the victims system.

Malious: These are the people that are the most dangerous. These are the blackhat hackers that code viruses for the sole intention of destroying networks and systems without prejudice. They get high on seeing the utter destruction of their creation, and are very rarely script kiddies.

Many of the viruses that are written and released are viruses altered by script kiddies. These viruses are known as generations of the original virus and are very rarely altered enough to be noticeable from the original. This stems back to the fact that script kiddies do not understand what the original code does and only alters what they recognize (file extension or victim's website). This lack of knowledge makes script kiddies very dangerous.

II. The How
Malicious code has been plaguing computer systems since before computers became a common household appliance. Viruses and worms are examples of malicious code designed to spread and cause a system to perform a function that it was not originally designed to do.

Viruses are programs that need to be activated or run before they are dangerous or spread. The computer system only becomes infected once the program is run and the payload has bee deployed. This is why Hackers and Crackers try to crash or restart a computer system once they copy a virus onto it.

There are four ways a virus can spread:
1.) Email
2.) Network
3.) Downloading or installing softwarev 4.) Inserting infected media

Spreading through Email
Many emails spread when a user receives an infected email. When the user opens this email or previews it, the virus is now active and starts to immediately spread.

Spreading through Network
Many viruses are network aware. This means that they look for unsecured systems on the network and copy themselves to that system. This behavior destroys network performance and causes viruses to spread across your system like wildfire. Hackers and Crackers also use Internet and network connections to infect systems. They not only scan for unprotected systems, but they also target systems that have known software vulnerabilities. This is why keeping systems up to date is so important.

Spreading through manual installation
Installing software from downloads or disks increase the risk of infection. Only install trusted and scanned software that is known to be safe. Stay away from freeware and shareware products. These programs are known to contain Spyware, Adware, and viruses. It is also good policy to deny all Internet software that attempts to install itself unless explicitly needed.

Spreading through boot sectors
Some viruses corrupt the boot sector of disks. This means that if another disks scans the infected disk, the infection spreads. Boot sector viruses are automatically run immediately after the disk is inserted or hard drive connected.

III. Minimizing the effect of viruses and worms
We have all heard stories about the virus that destroyed mission critical company data, which cost companies months to recover and thousands of dollars and man-hours restoring the information. In the end, there are still many hours, costs, and would be profits that remain unaccounted. Some companies never recover fully from a devastating attack. Taking simple precautions can save your business

Anti-virus Software
Another step is to run an antivirus program on the local computer. Many antivirus programs offer live update software and automatically download the newest virus definitions minutes after they are released (Very important that you verify these updates weekly if not daily). Be careful of which antivirus program you chose. Installing a PC antivirus on a network can be more destructive on performance than a virus at work. Norton makes an effective corporate edition specifically designed for Windows NT Server and network environments. When using antivirus software on a network, configure it to ignore network drives and partitions. Only scan the local system and turn off the auto protection feature. The auto-protect constantly scans your network traffic and causes detrimental network issues. Corporate editions usually have this disabled by default. PC editions do not.

Email Clients Do not open emails from unknown sources. If you have a website for e-commerce transactions or to act as a virtual business card, make sure that the emails come up with a preset subject. If the emails are being sent through server side design instead of the users email client, specify whom it is coming from so you know what emails to trust. Use common sense when looking at your email. If you see a strange email with an attachment, do not open it until you verify whom it came from. This is how most MM worms spread.

Disable preview panes in email clients. Email clients such as Outlook and Outlook Express have a feature that will allow you to preview the message when the email is highlighted. This is a Major security flaw and will instantly unleash a virus if the email is infected.

It is also a good idea to turn off the feature that enables the client to view HTML formatted emails. Most of these viruses and worms pass by using the html function "< i f r a m e s r c >" and run the attached file within the email header.

We will take a quick look at an email with the subject header of "You're now infected" that will open a file called readme.exe.

"Subject: You're now infected MIME-Version: 1.0 Content-Type: multipart/related;

type="multipart/alternative";

boundary="====_ABC1234567890DEF_====" X-Priority: 3 X-MSMail-Priority: Normal X-Unsent: 1 To: undisclosed-recipients:;

--====_ABC1234567890DEF_==== Content-Type: multipart/alternative;

boundary="====_ABC0987654321DEF_====" *** (This calls the iframe)

--====_ABC0987654321DEF_==== Content-Type: text/html;

charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

< H T M L > < H E A D > < / H E A D > < B O D Y b g C o l o r = 3 D # f f f f f f > < i f r a m e s r c = 3 D c i d : EA4DMGBP9p height=3D0 width=3D0> *** (This calls readme.exe) < / i f r a m e > < / B O D Y > < / H T M L >

--====_ABC0987654321DEF_====--

--====_ABC1234567890DEF_==== Content-Type: audio/x-wav;

name="readme.exe" *** (This is the virus/worm) Content-Transfer-Encoding: base64 Content-ID: *** (Notice the < i f r a m e s r c = ? >)

PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9u YWwvL0VOIj4NIDxodG1sPg08aGVhZD4NPHRpdGxlPldobydzIHRoZSBiZXN0LS0tLS0tPyAt IHd3dy5lemJvYXJkLmNvbTwvdGl0bGU+DQ0NDTxzY3JpcHQgbGFuZ3VhZ2U9amF2YXNjcmlw dCBzcmM9aHR0cDovL3d3dzEuZXpib2FyZC5jb20vc3BjaC5qcz9jdXN0b21lcmlkPTExNDc0 NTgwODI+PC9zY3JpcHQ+DTxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPg08IS0tDWZ1 bmN0aW9uIE1NX29wZW5CcldpbmRvdyh0aGVVUkwsd2luTmFtZSxmZWF0dXJlcykgeyAvL3Yy

*** Broken to protect the innocent. (Worm is encoded in Base64)

aHJlZj1odHRwOi8vY2l0YWRlbDMuZXpib2FyZC5jb20vZmNhbGhpc3BvcnRzZnJtMT5Gb290 YmFsbDwvYT4NIA08Zm9udCBjb2xvcj0jRkYwMDAwPiAtIDwvZm9udD4NDTxicj48YnI+PGJy Pjxicj5Qb3dlcmVkIEJ5IDxhIGhyZWY9aHR0cDovL3d3dy5lemJvYXJkLmNvbS8+ZXpib2Fy ZK48L2E+IFZlci4gNi43LjE8YnI+Q29weXJpZ2h0IKkxOTk5LTIwMDEgZXpib2FyZCwgSW5j Lg08L2NlbnRlcj4NPC9ib2R5Pg08L2h0bWw+DQ0NDQoNCj==

--====_ABC1234567890DEF_====--"

Email Servers The first step to minimizing the effect of viruses is to use an email server that filters incoming emails using antivirus software. If the server is kept up to date, it will catch the majority of Mass Mailer (MM) worms. Ask your Internet Service Provider (ISP) if they offer antivirus protection and spam filtering on their email servers. This service is invaluable and should always be included as the first line of defense.

Many companies house an internal email server that downloads all of the email from several external email accounts and then runs an internal virus filter. Combining an internal email server with the ISP protection is a perfect for a company with an IT staff. This option adds an extra layer of control, but also adds more administration time. Sample specs for an internal email server are:

Setup #1
* Linux: OS
* Sendmail: mail server
* Fetchmail: Grabs email from external email addresses
* F-prot: Antivirus
* SpamAssassin: Spam Filter

Setup #2
* Win 2003 Server: OS
* Exchange: Email server
* Symantec antivirus: Antivirus
* Exchange Intelligent Message Filter: Spam Filter

Software Updates Keep you software up to date. Some worms and viruses replicate through vulnerabilities in services and software on the target system. Code red is a classic example. In august 2001, the worm used a known buffer overflow vulnerability in Microsoft's IIS 4.0 and 5.0 contained in the Idq.dll file. This would allow an attacker to run any program they wanted to on the affected system. Another famous worm called Slammer targeted Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000.

When updating your software, make sure to disable features and services that are not needed. Some versions of WinNT had a web server called IIS installed by default. If you do not need the service, make sure it is turned off (Code red is a perfect example). By only enabling services you need, you decrease the risk of attack.

Telecommunications Security Install a firewall on the network. A firewall is a device or software that blocks unwanted traffic from going to or from the internal network. This gives you control of the traffic coming in and going out of your network. At minimum, block ports 135,137,139,445. This stops most network aware viruses and worms from spreading from the Internet. However, it is good practice to block all traffic unless specifically needed.

Security Policies Implementing security policies that cover items such as acceptable use, email retention, and remote access can go a long way to protecting your information infrastructure. With the addition of annual training, employees will be informed enough to help keep the data reliable instead of hinder it. Every individual that has access to your network or data needs to follow these rules. It only takes one incident to compromise the system. Only install proven and scanned software on the system. The most damaging viruses come from installing or even inserting a contaminated disk. Boot sector viruses can be some of the hardest malware to defeat. Simply inserting a floppy disk with a boot sector virus can immediately transfer the virus to the hard drive.

When surfing the Internet, do not download untrusted files. Many websites will install Spyware, Adware, Parasites, or Trojans in the name of "Marketing" on unsuspecting victims computers. Many prey on users that do not read popup windows or download freeware or shareware software. Some sites even use code to take advantage of vulnerability in Internet explorer to automatically download and run unauthorized software without giving you a choice.

Do not install or use P2P programs like Kazaa, Morpheus, or Limewire. These programs install server software on your system; essentially back dooring your system. There are also thousands of infected files floating on those networks that will activate when downloaded.

Backups & Disaster Recovery Planning Keep daily backups offsite. These can be in the form of tape, CD-R, DVD-R, removable hard drives, or even secure file transfers. If data becomes damaged, you would be able to restore from the last known good backup. The most important step while following a backup procedure is to verify that the backup was a success. Too many people just assume that the backup is working only to find out that the drive or media was bad six months earlier when they were infected by a virus or lost a hard drive. If the data that you are trying to archive is less then five gig, DVD-R drives are a great solution. Both the drives and disks have come down in price and are now a viable option. This is also one of the fastest backup methods to process and verify. For larger backups, tape drives and removable hard drives are the best option. If you choose this method, you will need to rotate the backup with five or seven different media (tapes, CD/DVD, removable drives) to get the most out of the process. It is also suggested to take a "master" backup out of the rotation on a scheduled basis and archive offsite in a fireproof safe. This protects the data from fire, flood, and theft.

In the Internet age, understanding that you have to maintain these processes will help you become successful when preventing damage and minimizes the time, costs, and liabilities involved during the disaster recovery phase if you are affected.

Resources

Virus Resources F-PROT: http://www.f-prot.com/virusinfo/ McAfee : http://vil.nai.com/vil/default.asp Symantec Norton: http://www.symantec.com/avcenter/ Trend Micro: http://www.trendmicro.com/vinfo/ NIST GOV: http://csrc.nist.gov/virus/

Free software AVG Anti-Virus - http://free.grisoft.com Free F-Prot - http://www.f-prot.com Free for home users

Free online Virus scan BitDefender - http://www.bitdefender.com/scan HouseCall - http://housecall.trendmicro.com McAffe - http://us.mcafee.com/root/mfs Panda ActiveScan - http://www.pandasoftware.es/activescan/activescan-com.asp RAV Antivirus - http://www.ravantivirus.com/scan

Free online Trojan scan TrojanScan - http://www.windowsecurity.com/trojanscan/

Free online Security scan Symanted Security Check - http://security.symantec.com/sscv6 Test my Firewall - http://www.testmyfirewall.com/

More Security Resources Forum of Incident Response and Security Teams: http://www.first.org/ Microsoft: http://www.microsoft.com/technet/security/current.aspx SANS Institute: http://www.sans.org/resources/ Webopedia: http://www.pcwebopedia.com/ Definitions

Adware: *A form of spyware that collects information about the user in order to display advertisements in the Web browser based on the information it collects from the user's browsing patterns.

Software that is given to the user with advertisements already embedded in the application

Malware: *Short for malicious software, software designed specifically to damage or disrupt a system, such as a virus or a Trojan horse.

Script Kiddie: *A person, normally someone who is not technologically sophisticated, who randomly seeks out a specific weakness over the Internet in order to gain root access to a system without really understanding what it is s/he is exploiting because the weakness was discovered by someone else. A script kiddie is not looking to target specific information or a specific company but rather uses knowledge of a vulnerability to scan the entire Internet for a victim that possesses that vulnerability.

Spyware: *Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.

Spyware is similar to a Trojan horse in that users unwittingly install the product when they install something else. A common way to become a victim of spyware is to download certain peer-to-peer file swapping products that are available today.

Aside from the questions of ethics and privacy, spyware steals from the user by using the computer's memory resources and also by eating bandwidth as it sends information back to the spyware's home base via the user's Internet connection. Because spyware is using memory and system resources, the applications running in the background can lead to system crashes or general system instability.

Because spyware exists as independent executable programs, they have the ability to monitor keystrokes, scan files on the hard drive, snoop other applications, such as chat programs or word processors, install other spyware programs, read cookies, change the default home page on the Web browser, consistently relaying this information back to the spyware author who will either use it for advertising/marketing purposes or sell the information to another party. Licensing agreements that accompany software downloads sometimes warn the user that a spyware program will be installed along with the requested software, but the licensing agreements may not always be read completely because the notice of a spyware installation is often couched in obtuse, hard-to-read legal disclaimers.

Trojan: *A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.

The term comes from a story in Homer's Iliad, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy.

Virus: *A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are man made. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.

Since 1987, when a virus infected ARPANET, a large network used by the Defense Department and many universities, many antivirus programs have become available. These programs periodically check your computer system for the best-known types of viruses.

Some people distinguish between general viruses and worms. A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs.

Worm: *A program or algorithm that replicates itself over a computer network and usually performs malicious actions, such as using up the computer's resources and possibly shutting the system down.

* Definitions provided by Webopedia

A special thanks goes out to the CISSP community, various Chief Information Security Officer (CISO)s, and to those in the Risk assessment specialty of Information Systems Security for their help in proof reading and suggestions.

Jeremy Martin CISSP,CHS-III,CEH
http://www.infosecwriter.com

In The News:

This RSS feed URL is deprecated, please update. New URLs can be found in the footers at https://news.google.com/news

Retirement Security: Fire And Fury In Telecommunications
Seeking Alpha
AT&T's merger with Time Warner has hit a brick wall and the market is celebrating. Here's what I'm doing. How about you? Subscribers to "Retirement: One Dividend At A Time" got an early look at this material via free instant text message trade alert ...

and more »

Forbes

How This Millennial Went From A High School Dropout To Cyber Security Expert
Forbes
Manan Shah, the 24-year-old founder of cyber security firm Avalance Global Solutions, is one of the top cyber security experts, but his path to the top was far from traditional. A high school dropout and former hacker, Shah had to overcome run-ins with ...


TechCrunch

Tortuga Logic raises $2 million to build chip-level security systems
TechCrunch
Tortuga Logic has raised $2 million in seed funding from Eclipse Ventures to help in their effort to maintain chip-level system security. Based in Palo Alto, the company plans to use the cash to build products that will find “lurking vulnerabilities ...


Fox News

Schools adept at shoring up security at any hint of danger
Fox News
Schools have become adept at rapidly shoring up security, measuring responses against the toll it could take on students' learning and sense of safety. The president of the National Association of School Resource Officers says schools regularly ...

and more »

New York Times

Homeland Security Official Resigns Over Remarks on African-Americans and Muslims
New York Times
WASHINGTON — The Department of Homeland Security's head of outreach to religious and community organizations resigned on Thursday after audio recordings revealed that he had previously made incendiary remarks about African-Americans and ...
Homeland Security Official Who Blamed Slums On 'Lazy Blacks' QuitsHuffPost
Homeland Security official Jamie Johnson resigns after comments ...Washington Post
Homeland Security's head of community outreach resigns over past controversial comments on black community, IslamCNN
Fort Dodge Messenger -The Grio -New York Daily News -The Hill
all 71 news articles »

North Darfur security: Swiss aid worker released, kidnappers held
ReliefWeb
The security authorities in North Darfur announced on Wednesday that kidnapped Swiss aid worker Margaret Schenkel has been “released from her captors in a mountainous area during a professional security operation”. The head of the National ...

and more »

UN News Centre

Russia again vetoes extension of chemical experts in Syria
ABC News
And it was Russia's 11th veto of a Security Council resolution dealing with Syria, its close ally. Russia cast its latest veto Friday night on a last-ditch resolution by Japan to extend the mandate for 30 days for further discussions. It was supported ...
Security Council fails at fresh attempt to renew panel investigating chemical weapons use in SyriaUN News Centre
Security Council Considers 30-day Extension on Syria ExpertsVoice of America
The Investigation Into Chemical Attacks in Syria Is Fizzling Out After a Security Council ShowdownTIME

all 602 news articles »

UN News Centre

At Security Council, UN chief urges cooperation to tackle security challenges in Mediterranean
UN News Centre
17 November 2017 – The Mediterranean – a confluence of civilizations, cultures, religions, trade and migration – is facing multiple security challenges, such as terrorism, illicit trade in narcotics, environmental degradation and forced displacement ...

and more »

Computerworld

Strong and stable: The iOS security guide
Computerworld
So, what's the weakest point in mobile device security? Sadly, it's you. From tapping links in phony emails to accessing confidential password-protected information using open public Wi-Fi hotspots to simply using the same password everywhere: All ...

and more »

KING5.com

Seattle police plan security for tree lighting ceremony
KING5.com
Seattle police have a plan to secure next week's holiday tree lighting ceremony in Westlake Park, and it makes room for protesters to exercise their first amendment rights. "It's the kickoff for the holiday season," said James Sido, DSA spokesperson ...

Google News

SPYWARE - Whos Watching Who?

I am in the midst of Oscar Wilde's The Picture... Read More

File Sharing - What You Need to Know!

File sharing on p2p is soaring despite the music and... Read More

Phishing: An Interesting Twist On A Common Scam

After Two Security Assessments I Must Be Secure, Right? ---------------------------------------... Read More

Protecting Your Children On The Internet

If you are a parent, as am I, I think... Read More

How To Avoid Hackers From Destroying Your Site?

Recently, my site and other internet accounts ( http://www.nabaza.com/sites.htm )... Read More

Protecting Your Identity On The Internet

Afraid that someone is monitoring your PC or installed a... Read More

Hacking Threats and Protective Security

The 1998 Data Protection Act was not an extension to,... Read More

Lets Talk About Antivirus Software!

Nowadays more and more people are using a computer. A... Read More

Why you Must Secure your Digital Product and Thank You Web Page

A couple of years back, I paid my dues the... Read More

40 Million People Hacked - YOU as Identity Theft Victim

Saturday, MasterCard blamed a vendor of ALL credit card providers... Read More

Online Shoppers, Beware of a New Scam

Beware of a New Scam Aimed at Bargain-HuntersTrying to buy... Read More

Spyware Protection Software

Spyware protection software is the easiest way of removing spyware... Read More

Spy Scanners ? Don?t Compromise your Privacy

Spies, spyware, internet parasites are among what they are usually... Read More

How Can Someone Get Private Information From My Computer?

From the "Ask Booster" column in the June 17, 2005... Read More

Avoiding Scams: If It Sounds Too Good to Be True, It Probably Is

A week or so ago, I received an inquiry from... Read More

Email Hoaxes, Urban Legends, Scams, Spams, And Other CyberJunk

The trash folder in my main inbox hit 4000 today.... Read More

Do You Know What your Kids Are Doing Online?

It's a sad statistic, but hundreds of unsuspecting kids are... Read More

Anti-Spyware Protection: Behind How-To Tips

There is no doubt that "how-to articles" have become a... Read More

Lottery Scam, What It is and how to Avoid It?

Internet scams and frauds are on the rise! The quantity... Read More

Remove Rogue Desktop Icons Created By Spyware

If you have used a Windows machine for a while,... Read More

Social Engineering - The Real E-Terrorism?

One evening, during the graveyard shift, an AOL technical support... Read More

Criminals are Fishing For Your Identity

What is Phishing? In a typical Phishing attack, a criminal... Read More

6 Ways To Prevent Identity Theft

These six ways to prevent identity theft offer you valuable... Read More

An Open Letter From a So-called Stupid

Someone recently told me, "You would have to be a... Read More

Is Shopping Online For Your Horse Gifts Safe?

Shopping for horse gifts or other gift items on the... Read More