ADVICE WHEN USING THE INTERNET!!
There are a few major problems when using your computer for the Internet
bulletin boards, mailing lists, or e-mail. The problems can be categorized as
follows:
Viruses
The first viruses emerged in the mid-1980s. By 1990, there were still fewer
than 100 viruses. Today it is estimated that there may be more than 50,000
viruses.
What Is A Virus?
A computer virus is a piece of software that has been written to
surreptitiously enter your computer system and "infect" your files.
Some viruses are benign and won't harm your system, while others are
destructive and can damage or destroy your data. Typically a computer virus
will replicate itself and try to infect as many files and systems as
possible. If your system is infected, when you save a file to a disk you will
probably infect the disk, and in turn whoever uses that disk will infect their
system. As you can see, it's a vicious cycle, not unlike the viruses that
plague us humans. New computer viruses are being written all the time, and
it's important to understand how your system can be exposed to them, and what
you can do to protect your computer.
DESTRUCTIVE NON-VIRUS PROGRAMS
Aside from viruses, there are other threats to your computer, including:
Worms
Worms are constructed to infiltrate legitimate data processing programs and
alter or destroy the data. Often what people believe is a virus infection is,
in fact, a worm program. This is not as serious because Worms do not replicate
themselves. But the damage caused by a Worm attack can be just as serious as a
virus, especially if not discovered in time. However, once the Worm invasion
is discovered, recovery is much easier because there is only a single copy of
the worm program to destroy. A Worm is similar to a benign tumor while a
virus is like a malignant one.
Trojan Horses
A Trojan Horse is a destructive program that has been disguised as (or
concealed in) an innocuous piece of software. Indeed, Worm and Virus programs
may be concealed within a Trojan Horse. Trojan Horses are not viruses because
they do not reproduce themselves and spread as viruses do. Trojan Horse
software could be a program that may seem both attractive and innocent,
inviting you to copy or download the software and run it. Trojan Horses may be
games or some other software that you will be tempted to try; a popular medium
for Trojan Horses is attractive graphics programs which are posted on Internet
Bulletin Boards.
Logic Bombs
Writing a Logic Bomb program is similar to creating a Trojan Horse. Both also
have about the same ability to damage data. Logic bombs include a timing
device so that they go off at a particular date and time. These bombs can be
very destructive on their own, even if they lack the ability of the virus to
reproduce. The Michelangelo virus was embedded in a logic bomb. This
illustrates the pernicious nature of Logic bombs, which can be written
literally years before they explode.
How are They Spread?
A computer virus cannot spread from computer to computer without assistance.
Viruses spread when a computer accesses an infected file (i.e. runs a program
or opens a document). Sources of infection are:
- Files on floppy disks
- Files as e-mail attachments (this is now the most common source)
- Files transferred over a network
- Infected floppy disks
In the first three, virus-affected files are copied onto a new computer and
accessed. The last is slightly different as the virus can only become active
if the computer is switched on with the infected floppy disk left in the
drive.
An Example
The ZippedFiles (or ExploreZip) worm was first reported in early June 1999. If
you send an e-mail to a person whose machine is infected by the worm, it tries
to infect yours by sending you an e-mail that looks like this:
From: [user of the infected machine]
Subject: RE: [subject of the original message]
To: [your e-mail address]
Hi [your name]!
I received your email and I shall send you a reply ASAP. Till then, take a
look at the attached zipped docs.
Sincerely [user of the infected machine]
Attachment: zipped_files.exe
The attachment zipped_files.exe is the worm. If you access the attachment it
infects your machine. Once this happens it will make various types of file on
your machine unusable (e.g. Word documents), will try to spread to all
machines on your network, and will try to spread to others by sending out
e-mails with the attachment.
What Can I Do About Them?
Use anti-virus software
You should have anti-virus software running on your computer. Names of popular
anti-virus programs with contact details can be found at Anti-virus Software
later on in this document. It is extremely important that you update your
anti-virus software on a regular basis. Anti-virus software companies have
updates to their programs within hours of the discovery of a new virus. Some
have a live update feature, which will grab the latest virus information from
the company's Web site and automatically update their program on your
computer. Anti-virus software can:
- Check your computer's memory for infection when it is switched on.
- Check files for infection as you try to access or copy them.
- Check for infection on hard and floppy disks.
Operation of the anti-virus software can be set up to be automatic.
Be vigilant!
Opening e-mail attachments
Always be very careful about accessing e-mail attachments. You should save
them to disk (don't choose the open option) and then scan them with the
anti-virus software installed on your computer. Also look out for unexpected
e-mails like the one for the ZippedFiles worm.
Copying files onto your machine
Do not access files copied from floppy disks, other machines on your network,
or from the Internet, without scanning them for virus infection first. Also do
not leave floppy disks in the drive when you switch off the machine.
Back up your data
As a precaution you should back up your data files regularly. Remember the
back up may contain infection.
The latest Technique being used to spread Viruses
A tricky new
type of virus is surfacing, taking a twist on the usual trap set by e-mail
messages: It appears in attachments that are not typically used for viruses,
applies a password to avoid detection, and fools victims into entering the
password and becoming infected.
Depending on
the antivirus vendor, the name of this latest scourge is either Beagle or
Bagle (but not Bagel). Symantec calls this series of viruses W32.Beagle.x@mm,
where x designates the variation. The rest of the security vendors seem to
prefer the Bagle name, although they disagree on variation letters.
All the
major antivirus vendors are updating their definitions to identify the latest
versions of the virus. But because this particular pest infects programs and
passes through file-sharing networks, it's tough to shake from an infected
system. Its cleverly deceptive approach may foretell sneakier viruses to
come.
Avoiding Detection
The first
Bagle virus was discovered in January 2004, and since then new variants have
popped up almost daily. One discovered on March 13, named W32/Bagle.n@MM by
McAfee and W32/Beagle.m@MM by Symantec, includes a small bitmap image to
escape detection by antivirus programs and trick you into entering the deadly
password.
Aside from
this password trick, Bagle viruses spread much like other e-mail worms. When
one infects a PC, it resends itself to any e-mail addresses it can find on
the hard drive. It also spoofs these addresses in its e-mail, forging the
return addresses and hiding the identity of the infected computer. And as
with every other e-mail worm, the virus comes in the form of an e-mail
attachment.
Bagle's other difference: That attachment is often a password-protected .zip
or .rar archive, file types not previously known to carry viruses. The idea,
apparently, is that antivirus programs can't scan a password-protected
archive and are therefore less likely to identify the virus. The text of the
e-mail message tries to convince you to open the file, and provides the
password.
A new wrinkle appears in the MM variant. This version--and some subsequent
others--displays the password not as text, but as a bitmapped image embedded
in the message. Presumably this is to stop antivirus programs from finding the
password in the message text and using it to scan the archive. As another
form of protection, the virus generates passwords randomly.
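The archive trick described above, as an added example (not code from the original page): a mail-gateway style check in Python that flags ZIP attachments whose entries are marked encrypted, since a scanner cannot look inside them, and directly attached executables such as zipped_files.exe. The extension list, function names and sample messages are assumptions constructed for illustration, and .rar archives are not handled.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist of executable extensions (not taken from the page).
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com")

def attachment_findings(raw_message: bytes) -> list:
    """Return (filename, reason) pairs for attachments worth quarantining."""
    findings = []
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(EXECUTABLE_EXT):
            findings.append((name, "executable attachment"))
        elif zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.flag_bits & 0x1:  # bit 0 set: entry is encrypted
                        findings.append((name, "encrypted archive, cannot be scanned"))
                        break
                    if info.filename.lower().endswith(EXECUTABLE_EXT):
                        findings.append((name, "archive contains an executable"))
                        break
    return findings

def sample_zip(encrypted: bool) -> bytes:
    """Constructed one-file ZIP; optionally mark the entry as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample")
    data = bytearray(buf.getvalue())
    if encrypted:
        data[data.index(b"PK\x01\x02") + 8] |= 0x01  # central-directory flag bit 0
    return bytes(data)

def sample_mail(filename: str, payload: bytes) -> bytes:
    """Constructed message with one attachment (addresses are placeholders)."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "you@example.com"
    m["Subject"] = "Fax Message Received"
    m.set_content("The password is in the attached picture.")
    m.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(attachment_findings(sample_mail("docs.zip", sample_zip(True))))
```

The check reads only the archive's directory, so it needs no password and never extracts or runs the attachment.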
Also to
escape detection, the virus e-mails itself with a wide variety of subjects,
messages, and archive file names. Some of the subjects include "Account
notify," "Fax Message Received," and "Re: Yahoo!"
But Bagle
viruses aren't just e-mail worms. They also place themselves, under false
names, in folders that are likely to be shared across networks. This allows
them to spread through file-sharing systems like Kazaa and iMesh.
Beware Other Damage
The Bagle
viruses appear to have been designed with reproduction and survival in mind,
not destruction. But a virus determined to spread and survive can still do a
lot of harm.
Some of
these variants intentionally stop over 270 programs from running on your
system. The targets predictably include antivirus programs and firewalls that
might catch the intruder, so their deactivation leaves a PC more vulnerable
to other invaders.
Bagle also
stops system configuration programs like msconfig and regedit that could be
used to remove the virus. Other viruses also block certain programs, but none
so far block anywhere near this many, antivirus experts say.
When a Bagle
virus gets onto a PC, it infects every .exe file it can find. That way you
can think you've removed the virus, then reinfect your system by simply
loading a program. And these infections are polymorphous--they change as the
virus reproduces itself, making it harder for antivirus programs to clean
your system.
Finally,
these viruses appear to open a back door that could allow someone to access
your PC without your knowledge, even if you have a firewall. The virus
writers may be planning to recruit your PC's resources for a future denial of
service attack against another server; security researchers have not
determined Bagle's plans.
Protection Strategy
The best cure for Bagle viruses, of course, is not to get infected.
The usual
security advice applies: Don't open e-mail attachments unless you have a very
good reason to believe that they're real. Keep your antivirus definitions and
applications up to date.
Despite the
password-protection and other tricks, virtually all antivirus programs can
now recognize and catch Bagle viruses. If you do catch a Bagle, go to the
McAfee or Symantec sites for free, downloadable fixes to remove the virus and
repair your system.
How to Protect Against Computer Viruses
Some are as benign as the common cold, and others can be as deadly to your
hard drive . The chances that your computer will contract one at some point
are pretty good. Take into account that many PC owners don't use current
anti-virus software, and that viruses can spread to your system easily from
the Internet, bulletin boards, or e-mail attachments, and we're talking
epidemic. Luckily, though, there are some powerful preventative measures and
some equally effective antidotes once you've contracted a bug.
Anti-virus software
There are a number of anti-virus package manufacturers. Here are some of the
best known:
- Symantec (Norton AntiVirus)
- McAfee (McAfee VirusScan)
- Dr Solomon (Dr Solomon's Anti-Virus)
- DataFellows (F-Prot and F-Secure)
- IBM (IBM AntiVirus)
HACKERS
A slang term for a computer enthusiast. Among professional programmers, the
term hacker implies an amateur or a programmer who lacks formal training.
Depending on how it is used, the term can be either complimentary or
derogatory, although it is developing an increasingly derogatory connotation.
The pejorative sense of hacker is becoming more prominent largely because the
popular press has co-opted the term to refer to individuals who gain
unauthorized access to computer systems for the purpose of stealing and
corrupting data. Hackers themselves maintain that the proper term for such
individuals is cracker.
Firewall
A system designed to prevent unauthorized (Hacker) access to or from a private
network. Firewalls can be implemented in both hardware and software, or a
combination of both. Firewalls are frequently used to prevent unauthorized
Internet users from accessing private networks connected to the Internet,
especially intranets. All messages entering or leaving the intranet pass
through the firewall, which examines each message and blocks those that do
not meet the specified security criteria. There are several types of firewall
techniques:
- Packet filter: Looks at each packet entering or leaving the network and
accepts or rejects it based on user-defined rules. Packet filtering is fairly
effective and transparent to users, but it is difficult to configure. In
addition, it is susceptible to IP spoofing.
- Application gateway: Applies security mechanisms to specific applications,
such as FTP and Telnet servers. This is very effective, but can impose a
performance degradation.
- Circuit-level gateway: Applies security mechanisms when a TCP or UDP
connection is established. Once the connection has been made, packets can
flow between the hosts without further checking.
- Proxy server: Intercepts all messages entering and leaving the network. The
proxy server effectively hides the true network addresses.
In practice, many firewalls use two or more of these techniques in concert. A
firewall is considered a first line of defense in protecting private
information. For greater security, data can be encrypted.
Anti-Hacking software:
- Network Ice
- LockDown 2000
- ZoneAlarm