RACE TO A CURE

Sep 1, 2004 12:00 PM, By JACQUELINE EMIGH



Blaster, BackOrifice, and MyDoom are just a few of the rapidly growing numbers of viruses and other malicious software programs that find their way into corporate and consumer computers, perpetrating mischief and mayhem along the way.

When large enterprises are struck by malicious software code, or “malware,” the damage shows up on the bottom line. In August, for example, an 18-year-old Minnesota resident named Jeffrey Lee Parson was charged in Washington State with spreading the B Variant of “Blaster” to computers at Microsoft Corp. and elsewhere.

“This variant infected at least 7,000 individual Internet users' computers (and) turned those computers into drones that attacked or attempted to attack Microsoft and, in particular, its Web site at www.windowsupdate.com,” according to a document released by the U.S. Department of Justice.

“As a result, Jeffrey Lee Parson intentionally caused significant damage, without authorization, to (Microsoft's and other victims') computers that significantly exceeds the $5,000 threshold set forth in Title 18, United States Code, Section 1030(a)(5)(B)(i),” the complaint charges. If convicted, Parson faces up to ten years in prison and a $250,000 fine.

Moreover, although much malware is still being created by amateur pranksters, professional criminals are moving onto the scene, too. “There is now a commercial value to creating and spreading viruses,” says Mike Paquette, VP of product management at Top Layer Networks.

A decade ago, many corporate employees had never even heard of computer viruses. These days, though, more and more people who use computers at work also operate PCs at home. Even those who have never dealt with a viral invasion on a PC in their living room have undoubtedly heard something about the ravages of computer bugs from friends, co-workers, family members and the mass media.

“Most people who use computers today are sophisticated enough to realize that they should also install anti-virus software,” Paquette notes. Produced by companies such as Norton, McAfee, ZoneAlarm, Trend Micro and FSecure, anti-virus software contains code that “vaccinates” computers against viruses, either killing or “quarantining” any bugs it can find. When a virus is quarantined, it gets locked into the software equivalent of an “isolation cell.”

Beyond the work of software manufacturers, law enforcement agencies are taking action against viruses, too. For example, Parson's arrest for the Blaster incident followed an extensive collaborative investigation by the U.S. district attorney's offices in Washington and Minnesota, the FBI, the Department of Homeland Security, and the Secret Service.

Yet despite valiant efforts in many arenas, malware keeps proliferating. The growing sophistication of computer users has been more than met by the inventiveness of virus writers. In recent years, the virus category has been branching out in many directions, into “worms” and “Trojan horses,” for instance.

Viruses replicate — or make copies of — themselves by attaching themselves to objects such as application programs, Microsoft Word documents or Excel spreadsheets, says Tony Magallenz, a systems engineer at FSecure.

Trojan horses, or “Trojans,” are a type of virus that can give human perpetrators “back doors” into other people's computers, letting them access files, log the actions of PC users, change software settings and capture passwords from remote locations anywhere in the world.

“Worms, on the other hand, can replicate themselves without even attaching to other objects,” Magallenz says. Blaster is one prime example.

Also relatively new are “blended threats,” in which a bug uses more than one point of entry to the computer. “For example, it might use e-mail, in conjunction with some sort of ‘hole,’ or vulnerability, in the computer's OS (operating system),” adds Laura Garcia-Manrique, director of product management at Norton.

“Spyware” is yet another sort of malware that is now on the upswing. Spyware programs cannot replicate themselves, so they are not characterized as viruses or worms.

“But spyware does have the ability to capture information about you — such as what Web sites you are going to, and even your credit card numbers — and to send that information over the Internet,” says Chad Harrington, director of enterprise products at ZoneLabs.

Spyware programs actually originated with the advertising industry, rather than with hackers. Yet while most spyware programs are harmless, some carry the potential for criminal abuse, experts say. Most anti-viral software programs offer some measure of protection against spyware, too.

Who are the perpetrators of viruses and worms? In performing profiles, law enforcement agencies have traditionally found them to be males between the ages of 16 and 24, typically characterized by “poor social adjustment,” Harrington says.

“Generally, these kids are just looking for an outlet for their creativity. They don't tend to realize the harm they could be causing,” he adds.

Recently, however, professional criminals have stepped up to the malware plate. Experts strongly suspect that, in some cases, virus scammers are working in conjunction with other cyber-criminals.

Under one scenario of this sort, the virus writer releases a bug that is able to capture e-mail addresses. After “harvesting” these addresses, he then sells the list to e-mail spammers. Since much of this sort of activity occurs offshore, it is particularly hard for U.S. officials to nail the offenders.

Meanwhile, Microsoft's Windows XP software, pre-installed on the vast majority of new PCs shipped today, has turned into a particularly virulent breeding ground for malware. Explanations for this vary. Some blame the sheer amount of software code in Windows XP.

As one preventive measure, some recommend switching to a non-Windows operating system such as Apple's Macintosh or the now emerging Linux OS. Still others contend that Windows XP is a target simply because it is so prevalent.

“It's not that Windows is more prone to viruses. It's that virus writers are shooting for the market leader, because they want to infect as many people as possible,” Magallenz says. Microsoft recently released a remedy known as Service Pack (SP)2, consisting of a set of OS “patches” which is supposed to fix many of XP's security flaws. SP2, however, is still somewhat controversial.

Generally speaking, IS experts are in favor of installing OS patches. However, Microsoft has acknowledged that this particular set of patches can sometimes “break” other software programs running on PCs, causing these other programs to stop working. As a result, the most common advice is to take extra care in testing SP2 before installing it on corporate IT desktops.

Experts concur almost unanimously, though, about some other steps IS pros should take to help fend off malware:

  • Keep anti-virus software constantly updated

    If computers are running anti-virus software, anyway, shouldn't these products be killing — or at least capturing — viruses? Yes, but only if people using these products keep the software up-to-date. New viruses and worms get unleashed every day, so it can take some time for software products to catch up to all the latest critters — a lag time known in the antivirus business as the “vulnerability window.”

  • Add firewall software

    Enterprise networks have long used network firewalls to help block communications with Internet addresses known to send out malware. For added safety, though, another sort of firewall — the “personal firewall” — is now becoming a new necessity for home and business PCs alike.

    Windows XP contains its own built-in personal firewall, but it is not turned on automatically. SP2 adds an improved personal firewall which does turn on automatically.

    Most companies that produce anti-viral software also make personal firewalls. Which firewall to use is up to the customer — but generally speaking, any personal firewall is regarded as better than none.

How can one help from the physical security side? By doing a good job of screening access to physical facilities as well as protecting computer equipment, experts say. Although viruses are generally spread by perpetrators in remote locations, it is still quite possible for the bugs to be introduced directly within the enterprise setting, either intentionally or not.

Traditionally, many bugs have made their way onto corporate networks via floppy disk drives on employees' PCs. On newer PCs, CD- and DVD-ROM drives and USB ports can leave systems similarly vulnerable. Needless to say, larger computers used as network servers need special protection.

While staying alert to signs of suspicious activity by humans, experts recommend that users also brace themselves for the fact that, with viruses and other malware, they are up against a constantly changing menace that is mostly undetectable to the naked eye.


© 2008 Penton Media Inc.
