RESTON, Va.–(BUSINESS WIRE)–March 27, 2001–With more than two thousand new computer viruses rearing their ugly heads each month, it’s the worms among them that keep “hacker trackers” up at night.
Unlike simple viruses, which spread from file to file in one computer, worms live short but spectacular lives, inflicting major damage quickly because they use the network to spread from computer to computer.
Now that network operating systems have been available for some time, there is mounting concern among Internet security experts that the ever-increasing availability of information on the “guts” of network operating systems gives hackers clues to break in and compromise a network’s security.
In fact, some experts, including TruSecure technical director of malicious code research Roger Thompson – who specializes in securing WinTel platforms – feels the industry has taken a step back to the early 1990s, when virus writers first began to truly understand, dissect and attack the innards of the DOS platform. Today, virus writers are feverishly working to crack the Windows code, once a fortress that virtually made the 15,000 DOS-based viruses a moot point.
Most worms and viruses go unnoticed to most of the world because they only infect one computer or one company. But every now and then worms with seductive names like Anna and Naked Wife “get away” because unsuspecting PC users “let them in.” And when a mass mailer worm infects a system, it can clog businesses’ email systems, and depending on its “payload” or damage capability, it can rapidly wipe out all the data on computers.
A recently discovered two-part worm illustrates the growing sophistication. The first part of the worm set Internet Explorer’s start page to a web site in Italy and reduced its security settings to low. The next time a user launched Internet Explorer, they were directed to the web site in Italy instead of their expected home page. The mass mailing part of the code was embedded in the web page and fired as soon as the browser reached it, because IE’s security settings were now set to low. An outbreak was averted on this occasion because the web page was removed almost as soon as the first part of the worm was discovered.
But there are ways to stay ahead of the game. “It would be really nice if individuals would take a little personal responsibility,” said Thompson. “People simply need to stop believing that they’re getting pictures of naked women. There are actually people who ran the Anna worm twice, because they didn’t get to see the picture the first time.”
Thompson added, however, that a better approach was for corporations to systematically harden their computers. “Corporations have to stop relying on their anti-virus software as their primary line of defense,” said Thompson.
TruSecure offers businesses the following pointers:
— Block exe and vbs attachments at the network perimeter. Right now, some companies do this and some don’t. Many haven’t adopted this habit, and even when they do, some people go to great lengths to retrieve mail from their personal email service.
— Restrict the ability for individuals to access their personal email systems from work. Since these are not protected by corporate gateways, users may unknowingly download a mass mailer that has the ability to infect an entire corporate network. Businesses can lower the risk by investing in software that detects the presence of internal modems and by procuring network cards instead of modems.
— Integrate the protective tools you do have, including firewalls, anti-virus software and Virtual Private networks. Many companies use these protective measures from different vendors but unless they are operating together properly, “gaps” are left that leave their networks vulnerable.
TruSecure teaches its clients how to put the controls in place to secure their work as much as humanly possible. Their advice to businesses: Since threats are constantly changing, your defenses have to change with it. This usually means employing an outside partner to help monitor and avoid problems.