If your PC Security Protection is like mine...You won't worry about Viruses either.

Viruses have been around for more than 20 years. March 26th, 2007, was the 25th birthday of the first computer virus observed in the wild. It was created by a 15-year-old named Rich Skrenta and it was called the "Elk Cloner". Ironically, the Elk Cloner infected an Apple computer as its first victim. Tell that one to a Mac-Man or Mac-Lady for giggles.




Listen up. These malicious codes are dangerous and they are spreading faster than we can stop them, and the cost of dealing with them is escalating. According to Internet Security Systems, one infected PC can easily reproduce at least 10 copies of a virus per second; growing exponentially, a virus can propagate worldwide in a matter of minutes. It isn't any surprise that earlier viruses were pretty straightforward and the means to remedy them were equally straightforward. But with today's technology, advanced programming, hybrid attacks, polymorphic viruses, and sophisticated social engineering, more than just software is needed to maintain a secure computer environment. It's time the general public and small business owners are provided the same professional (enterprise) grade technologies that government agencies, educational facilities, and large corporations have been provided. After all, the public and small business owners make up the majority of the Internet. Finally, what's been available to corporate America is now available to the general public; it's called managed security services.

What is a virus outbreak? According to the International Computer Security Association (ICSA) Labs' Virus Prevalence Survey 2004, a virus disaster is defined as "an incident in which 25 or more machines experienced a single virus at the same time", and/or incidents "that caused organizations significant damage or monetary loss." Another definition depends on the software developer, but typically the virus has to be new, or a new variant of an existing known virus. It must also have the potential to cause moderate or significant damage, the ability to achieve widespread distribution, and an established presence reported from varied sources.

Malware is a form of malicious code whose purpose is to be disruptive. Viruses vary from macro viruses to Trojans to worms, but they all transfer from one computer to another without the knowledge of the operator. All are classified as viruses and, by definition, must modify and infect other files with their own code in order to replicate, or overwrite an entire file.

Generally there are three categories of viruses:

Malicious: these commit irrevocable damage to the computer's system files, its programs, and to data held on storage media. These viruses also attempt to steal and transmit user ID and password information.

Irritating: Personally, I haven't seen any of these for some time, but they produce annoying activity: messages, annoying sounds, screen manipulations, and/or animated graphics.

Ineffective: a poorly written program that never activates and does nothing. However, it still clogs and slows down the system with clutter.

In addition to the three categories above, there are three types of PC viruses: boot sector, macro, and file-infecting.

A boot sector virus will deny you access to your hard disk when starting your computer and is usually found on a disk.

The macro virus is a bit more specific and is targeted to spread through applications such as Microsoft Excel and Word. Once a macro virus has infected the global macro template, other files are infected whenever they are opened and running.

The file-infecting virus targets executable files such as EXE and COM. Some file infectors (fast-file infectors) infect not only executed files but programs that are merely opened. File-infecting viruses are typically either direct-action or resident viruses. A direct-action virus will target and infect one or multiple programs each time it is activated. The resident virus conceals itself in memory until the infected file is activated or certain other parameters are fulfilled. In either case, once activated they continue to infect other programs.

I believe that, contrary to what Dr. Fred Cohen said in "Three Minutes With Fred Cohen, Virus Trends Tracker" (PC World, Nov. 14, 2000), virus writers are more innovative in their craft and are becoming more educated and sophisticated as virus writers, rather than being complacent and not particularly ambitious as Fred Cohen has indicated.


A VIRUS INFLUENCE...


Powerful home computers with high-speed connections and wide bandwidth are the norm today. These home computers operate with an uncanny lack of security and have become a "hackers' heaven". Cybercriminals are not interested in crashing your computer; it's far more important to them to have control of your computer. However, if your computer is a "zombie" computer under the control of a hacker, and you're paying all the bills for the service while the hacker's making all the money, whose computer is it? When it comes to the legal issues of who goes to jail or gets prosecuted because your hard drive is being used as a platform for sending out child pornography or any other illegal activity, it's your responsibility and you'll be prosecuted.

As a parent how would you like to end up in jail, lose custody of your child, and be terminated from your employment because some hacker had stolen a portion of your hard drive and was using it as a platform to send out child pornography? That is what happened to a father and his daughter. Learn more and view a brief video that will explain "The Internet Risks". His daughter's computer had become a "zombie" computer (a computer under the control of a hacker) and was being used as a platform to distribute spam and child pornography. When she brought it to the attention of her dad, he tried unsuccessfully to remove it. Frustrated, he called the police, who in turn arrested him for child pornography distribution. It wasn't until six months later, through forensic science, that it was determined that the computer had been hacked. Too little...too late. His character and his good name had been destroyed, even after his innocence had been established.

When it comes to your computer and illegal crimes...you are guilty until proven innocent! No longer do pedophiles or deviants need to lurk about school yards and playgrounds to access their victims. The Internet is their new tool to lurk about unseen in the shadows, and poorly-secured computers are their playgrounds to observe you and your loved ones and personal information. A hacker can actually activate your video cam on your PC without your knowledge and watch you and your children in the privacy of your own home.


TAKE ACTION...


Consider the level of sophistication we are up against. Let's examine a recent scheme that lured employees into downloading an attached file that appeared to come from their IT department. Employees were advised to protect their computers from a recent virus outbreak. The attachment was, in fact, malicious code that opened a "back door" into their computers, enabling the virus writer to take over their PCs. This was the "Stration" virus released September 14th, 2006.

What kind of security assurance do you have? How about some Identity Theft insurance? Do you want great security? Do you want a team of professionals to handle all your computer security needs, like I have? Then subscribe to a managed security service.


DEFENSE...BE PROACTIVE


A good defense against malicious code is to demand that any access to your computer file system be granted explicit permission. The problem is that the consumer does not want to sacrifice convenience for security. Unfortunately, convenience means nothing without security, and your computer was not built for security. What's all the information on your computer worth to you? I'm not talking about your liability risks; that's another issue. Let's say you didn't lose any data, but you have to reinstall all your software and then re-enter all your client database or contact information. Ouch, that's a dreadful thought.

I would venture to guess that after many years, your computer is more than just a machine. It's a personal journal, diary, a bank of business filing cabinets, an accumulation of photographs (business and personal), a long history of gathering personal and general information, and, in some cases, your business assistant. With so many malware threats discovered each day, the only other source of protection besides granting explicit permission to your computer file system is a managed security service. This service provides a team of professionals to manage your security for you with multi-layered protection including enterprise (professional) grade anti-virus, anti-spyware, firewall, and patch management programs with upgrades, updates, and expert technical support for all your security needs.

It is complicated to know what security protection to choose and, to further complicate the issue, everyone claims to have the best anti-virus or best security protection on the market. Okay, let's assume that all security products are equal (they are not all equal). What would be a deciding factor to choose one security program over another? It's a fact that none of the security software products are 100% effective. If not today, then tomorrow you could be hit by malicious code: virus, worm, Trojan, adware, dialers, spyware, backdoors, keyloggers, and logic bombs, to name a few. So, what's the benefit to you of choosing one security program over another? What if you sense your computer is acting peculiar...it's as slow as pouring honey taken from the refrigerator. What if you received an additional benefit that included unlimited expert security technical support to handle any security issue that occurs?

You may be thinking that's nice, but other security software providers offer technical support to their customers too. However, some charge as much as $4.95 per minute and/or a per-incident charge, which can be financially burdensome. How about no additional charges and unlimited tech support from U.S. IT security technicians who will remotely access your computer, with your permission, and not only remove malicious code but also make sure your computer is running at peak performance? That's a real benefit: someone to manage your security for you, and technicians that you'll know by name.

I swear malicious codes are really nothing more than a never-ending game of cat and mouse between computer programmers. I can't help but think of radar detectors. You have the best technology riding on the dashboard of your car, feeling you have some magic field out in front protecting you, only to find out law enforcement recently had an upgrade with newer technology. Don't worry, because the same guy who just updated the detector of the officer who is pulling you over is working on your next newer and better radar detector model. Only here we're sacrificing safety for convenience. Drive the speed limit...what a novel idea. Save money and put it towards some real computer security, a managed security service, which is a whole lot cheaper and a better return on your investment.


Diary of a Virus...


It's a game of chess. If I'm a virus, I've been programmed to infect the host if I want to spread any further. Surviving is calculating my odds of remaining undetected; therefore, I'll stay away from the anti-virus program, because that host does an integrity check to make sure its code is clean. There's not much of a chance of infecting that kind of host and remaining undetected. I'll stay away from a "bait file", also called a "goat file", because all that's going to happen is I'll get trapped and be detected, studied and identified. The thing is, if I get caught by the "goat file" and I've mutated and become "polymorphic" (changed my appearance), you won't recognize me. But, if you happen to be in the "happening bait file club", similar to a "honey pot", I'm finished, busted; the operators know I'm polymorphic, and my cover's blown. It's like wearing an orange jumpsuit at a black-tie affair.

Stealth virus, that's fun. I make a few modifications in the file or boot record and just wait for the anti-virus guy to pass a note to the command center asking to look at some files for verification. And when he does, I'll intercept that request, produce some forged results indicating everything is okay, and the request is sent back saying, "yep, everything's peaches and cream", and, just for grins, I'll send AV guy an old script of how things used to be (before the infection), and he buys it hook, line, and sinker. Talk about a phishing scam.

Some of us viruses have attitude. We're called "self-modification" and we like to tag, i.e., leave our calling card. Consider it our signature on the work we do. Problem is our ego identifies us and where we've been. Then the clean-up group, the anti-virus (AV) guys come in behind us and clean things up and in some cases, clean us out. We've even tried "simple self-modification", i.e., smaller signatures that are a little less noticeable, but the AV guys still do their clean-up. Fortunately for us, not all AV crews are working off a current list (most wanted) and are still carrying old information and don't have a clue we're in their computers. As long as the computer operator keeps his head in the sand, we'll be okay.

The Polymorphic guys in the neighborhood are something else. Talk about split personalities... these guys will reproduce varied and fully functional copies of themselves. These guys really play some head games with the anti-virus (AV) guys.

Then there is "Companion". I'm not sure if he's from the neighborhood because he likes to do things differently than the rest of the viruses. Instead of infecting or modifying the files on the block, he'd rather build a whole new look, a fancy program, and pass it off as one of the original files. The operators don't have a clue that he slipped a .COM in place of the .EXE file.
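The integrity check and signature scan from the "Diary of a Virus" above, and the companion .COM trick just described, as an added example in Python that is not part of the original page. The file contents, paths and the "NeighborhoodVirus.A" signature are constructed for the demo; nothing here is real malware.

```python
"""Added example (not from the original page): the two checks the
"Diary of a Virus" describes, a signature scan and a file integrity
check, run over constructed sample files. Nothing here is real
malware; the byte strings, paths and signature name are made up."""
from __future__ import annotations

import hashlib

# Constructed stand-ins for program files on disk.
CLEAN_PROGRAM = b"MZ\x90\x00 hello-program v1.0: prints a greeting\n"
# A "self-modification" virus that leaves its calling card in the host.
KNOWN_INFECTION = CLEAN_PROGRAM + b"\x00TAG:NEIGHBORHOOD-VIRUS-V1\x00"
# A new variant: same host, different appearance, so the old card no longer matches.
VARIANT_INFECTION = CLEAN_PROGRAM + b"\x00tag:neighborhood-virus-v2\x00"

# The AV "most wanted list": byte patterns of infections seen so far (constructed).
SIGNATURES: dict[str, bytes] = {"NeighborhoodVirus.A": b"TAG:NEIGHBORHOOD-VIRUS-V1"}


def signature_scan(data: bytes) -> list[str]:
    """Return the names of every known signature present in the file contents."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_baseline(files: dict[str, bytes]) -> dict[str, str]:
    """Record a trusted hash for each file while the system is known to be clean."""
    return {path: sha256(content) for path, content in files.items()}


def integrity_check(baseline: dict[str, str], files: dict[str, bytes]) -> dict[str, str]:
    """Compare the current disk against the baseline.

    Verdicts: 'ok' (unchanged), 'modified' (contents differ from the baseline),
    'missing' (baseline file gone), 'new' (file that was not in the baseline,
    e.g. a companion .COM dropped beside an .EXE)."""
    verdicts: dict[str, str] = {}
    for path, expected in baseline.items():
        if path not in files:
            verdicts[path] = "missing"
        elif sha256(files[path]) != expected:
            verdicts[path] = "modified"
        else:
            verdicts[path] = "ok"
    for path in files:
        if path not in baseline:
            verdicts[path] = "new"
    return verdicts


def demo() -> dict[str, dict]:
    """Baseline a clean disk, then run both checks after a constructed infection."""
    clean_disk = {
        "C:/PROGRAMS/HELLO.EXE": CLEAN_PROGRAM,
        "C:/PROGRAMS/NOTES.EXE": b"MZ\x90\x00 notes-program v2.3\n",
    }
    baseline = build_baseline(clean_disk)
    infected_disk = {
        "C:/PROGRAMS/HELLO.EXE": VARIANT_INFECTION,           # file infector, unknown variant
        "C:/PROGRAMS/NOTES.EXE": clean_disk["C:/PROGRAMS/NOTES.EXE"],
        "C:/PROGRAMS/HELLO.COM": b"MZ\x90\x00 look-alike\n",  # companion: DOS runs .COM before .EXE
    }
    return {
        "signature": {path: signature_scan(data) for path, data in infected_disk.items()},
        "integrity": integrity_check(baseline, infected_disk),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(check)
        for path, verdict in result.items():
            print(f"  {path}: {verdict}")
```

The signature scan misses the new variant and the companion file entirely, while the integrity check flags both; as the stealth paragraph warns, though, a check run on a live infected machine can be fed forged file reads, so the baseline and the checker belong on trusted media.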

Every neighborhood has the clowns, the ones always pulling pranks. We call them the "Hoax" brothers, always trying to yell "wolf" and pull the wool over your eyes, but don't get them confused with the spyware gang, always eyeballing everything. Anyway, the "hoax virus" boys love to spread rumors that the sky is falling and you wouldn't believe how fast they can stir the pot into a frenzy. Before you know it, the operators are trying to get rid of them and they never even existed. Talk about chasing your tail.

We've had some pretty tough virus characters come through our neighborhood. Let's see... there was Melissa in 1998; she was something. She set the record for the fastest spreading virus. She went and grabbed Microsoft Word's .dot global template and had her way with the first 50 email addresses in Microsoft Office. She didn't stop there. Those 50 each grabbed another 50 and it was a Network Marketer's dream come true. Those who knew her well called her "Fertile Melissa".

Unlike Melissa, "ExploreZip" was a Trojan that was discovered in June of 1999, but didn't have the replicating fury of Queen Melissa. However, "ExploreZip" had a bone to pick with Bill (okay, I'm stretching) and went after Microsoft Outlook as well. Unlike Melissa, who really was harmless except for the overwhelming numbers that overloaded the servers, "ExploreZip" was downright mean. He would find a file and reduce the file size to zero and, as if that wasn't enough, he'd leave them with nothing, no trace, nada, all gone, zapped.

I swear "ExploreZip" got some of his genes from Chernobyl, who preceded "ExploreZip" in April 1998. The neighborhood doesn't talk about Chernobyl because he's a loose cannon, and so spiteful he returns every April 26 to wreak havoc. None of us want to suffer his wrath. The first thing he does is find a hard disk and wipe out the first megabyte of data. As if that wasn't enough, he then goes for the jugular and deletes the data on the Basic Input/Output System (BIOS) chip. He definitely takes a BYTE or two out of your computer.

It was Melissa's love child that appeared in May of 2000, and you would think Microsoft had scorned her. "Love Bug"; I think it was "Stoned-Marijuana" (one of the boot sector virus dudes) that gave her that name. "Love Bug" went after Microsoft Outlook like a virus scorned and she made Melissa look like a Sunday school teacher. She blasted through and said "I Love You" to one in every five personal computers, and those computers were never the same. It seems all they could do is produce more and more love bugs. The "Love Bug" enamored operators who couldn't resist her LOVELETTER, a classic case of social engineering, and cost them an estimated $10 billion.

These are viruses from my neighborhood, but the following is a time line of how we fit into a short history of who made it into the "Who's Who of viruses":

Rear Admiral Grace Murray Hopper, in 1945, discovered a moth trapped between relays in a Navy computer. She called it a "bug", a term that has been used since the 19th century to describe a problem that occurs between electrical devices. Rear Admiral Hopper also coined the term "debugging" to denote the actions taken to remedy computer problems.

The stepping stones that became the walkway and ushered in malware through the years began with the first commercial modem, from AT&T, in 1960, and then the American Standard Code for Information Interchange (ASCII), the simple computer code that allowed machines of different manufacturers to exchange data.

The walkway continued with the onset of the Advanced Research Projects Agency Network (ARPANET) in 1969, an early network which became the forerunner to the Internet. The same era introduced the "Phone Freaks" or "Phreakers", who in 1964 tried to beat the system by producing tones into the phone which enabled them to make free phone calls (a thought occurred to me that some might consider these individuals the early "Intelligent Neanderthal hackers"). It must have been effective, because AT&T monitored 33 million toll calls to identify these "phone freaks" and by the end of 1970 had 200 convictions. With every new technology and its intended use, someone else will find a different application.

It was John Draper in 1972, known as "Captain Crunch", who contributed to the "phreakers" by discovering that the whistle in the Captain Crunch cereal box emitted a 2600-hertz tone which, when used with a blue box, allowed free calls.

It was 1979 and the first "worm" was discovered at Xerox Palo Alto Research Center (PARC); from all accounts, the landscape over the horizon was beginning to change rapidly. A group of young hackers called the "414s", using an Apple II+ computer and a modem, broke into several government computers. A program called "Elk Cloner" is credited with being the first computer virus to appear "in the wild", that is, outside the single computer or lab where it was created. That same year, in 1983, Fred Cohen coined the term "Computer Virus". It was Cohen's research on virus defense techniques that gave anti-virus makers the foundation for identifying viruses and building a new industry.

The "Brain" virus, one of the first PC viruses, was released in 1986 by programmers in Lahore, Pakistan, and shortly after, in 1988, a worm was unleashed by a 23-year-old bored programmer, Robert Morris. The worm invaded 6,000 computers, disabling them on the network. Robert Morris was caught, fined $10,000, and sentenced to three years' probation.

By 1990 the momentum of the Internet was reaching a flashpoint. A new home computer industry was launching that brought with it great opportunities which seemed limited only by our imagination. However, with great opportunities has come a tsunami of "cybercriminals", also limited only by their imaginations.

In 1991, Philip Zimmermann released a free, powerful data-encryption tool called "Pretty Good Privacy", which the U.S. Government considered to be a violation of encryption laws. The Government prosecuted Zimmermann for three years, a case which they finally dropped. "Pretty Good Privacy" demonstrated how rapidly a program could spread around the globe. That same year, 1991, Symantec released the Norton Anti-Virus.

Three years after Zimmermann's demonstration of how rapidly a program could span the globe, it was now e-mail that demonstrated how powerful the self-replicating principle had become. It was a virus hoax that warned people to avoid any message with the phrase "Good Times" in the subject line. It was believed that these messages would infect and erase the recipient's hard drive.

E-mail virus hoaxes continue to circulate in different forms even today.

Windows 95 was released by Microsoft Corp. and was thought to be the new defense against viruses. However, this belief was short-lived because, later that year, the "macro" virus evolved, spawning the "Concept" virus, which was capable of corrupting the Windows operating system.

It's now 1998, nine years to the present, and the insidious underside of the Internet is finding its legs.

Five hundred military and private sector computers are hacked. The incident is dubbed "Solar Sunrise", named after the Sun Solaris operating system that was plagued with computer vulnerabilities. Here's the twist to "Solar Sunrise": it was believed that operatives in Iraq had penetrated the military computers when, in fact, it was two California teenagers.

What a wake-up call. This was the Department of Defense's first taste of hostile adversaries...two teenagers. Teenagers demonstrated the potential of what hostiles equipped with greater skills and resources could be capable of doing to our nation's command and control centers, particularly if used in conjunction with physical attacks.

That was 1998. It's now nine years later in 2007 and the Internet is not in the hands of teenagers any longer.

The Melissa virus is released in 1999; it infects thousands of computers with an alarming speed costing $80 million in damages. Your friends are infected because the virus takes the first 50 names in your address book and sends them the virus.

The following year, in May 2000, it's "I Love You", similar to Melissa, but now the virus is gathering passwords and user names to send back to its author and, in this case, it's a young student in the Philippines. At this time, the Philippines had no laws against hacking and spreading computer viruses. The legal issue was the catalyst for the creation of the European Union's global Cybercrime Treaty. As of 2004, "I Love You" was the most costly virus to businesses, causing upwards of 10 billion dollars in damages. Who pays for these costs?

When hackers gain control of an army of computers, called a "botnet", they are capable of attacking websites and wreaking havoc, which was how Yahoo, eBay, Amazon, Datek and many other high-profile websites were knocked off-line, denying them service via an attack called "distributed denial-of-service" (DDoS). The websites lost millions of dollars.

Today hacking occurs on a personal level. Hackers take control of your personal computers and hold them ransom until you wire money to their off-shore accounts. They will delete files one at a time until you comply and, if you meet their demands, you will receive a password to unlock your files.

What concerned computer security analysts in 2001 was the ability of amateurs to send out the "Anna Kournikova" virus to every person listed in an individual's Microsoft Outlook address book. Computer analysts believed the virus to be written using a software "toolkit" that allowed even the most inexperienced programmer to create a computer virus.

The insidious underworld of the Internet has now introduced the "Code Red Worm", which has infected tens of thousands of systems, causing an estimated $2 billion in damages. Code Red's target was the White House website, and it was set to launch on a predetermined date. In an ad hoc partnership with technical companies and virus hunters, the White House was able to decipher the code and block its traffic as the worm began its attack.

Shortly after the 9-11 attacks in 2001, the "Nimda" virus appeared; it is considered one of the most sophisticated of all viruses, capable of up to five methods of infecting other systems and having the ability to replicate itself.

What's going to happen when well-educated, well-financed, and sophisticated groups of professionals with PhDs in computer science, whose sole purpose is financial gain...forget the political agendas.


CZAR WHO?


In 2001, President Bush appoints Richard Clarke, then Howard Schmidt, then Rand Beers, and finally Amit Yoran to serve as the fourth "Cybersecurity Czar". There is a pattern emerging: Richard Clarke quits and leaves tell-all communications with close associates ripping the Bush administration for not being serious about cybersecurity and terrorism in general.

Next, Schmidt quits after just three months...what's going on? Rand Beers is so fed up that after one month he quits and joins the Kerry campaign...again, what is going on? Finally, Amit Yoran quits, citing his frustration with the low priority that cybersecurity is receiving at the Department of Homeland Security (DHS). Amit confides in industry colleagues about his frustration over what he considers a lack of attention paid to computer security issues within the agency.

Jumping ahead, today is January 1, 2007 and the Cybersecurity Czar position is not easy... there have been many turnovers...and the Internet's insidious dark side is kicking our backside and taking names.

Any one of us that is connected to the Internet is involved with security, and it starts with our children and goes all the way to the top...our country's leaders. I've said it often that we all need to "Become Responsible Cybercitizens." If our leaders are dissatisfied with the security of cyberspace, are we going to wait for them to do something? We are the controlling interest in the Internet and can do something now to secure our computers; we the end users should do it with the help and service of a managed security service. Worms like "Klez", released October 26th, 2002, are now capable of turning off your anti-virus programs. The "Klez" worm is able to copy itself and carry payloads for malicious purposes. Today, variants of the "Klez" worm remain and are some of the most active on the Internet.

Attempts have been made to disrupt the 13 "Root" servers (the primary roadmaps to Internet communications) by using a method called denial-of-service (DoS) attacks. These denial-of-service attacks were the largest ever and raised concern regarding the core security of the Internet infrastructure.

In 2007 there was another recorded attempt on the 13 "Root" servers but, when asked why the attack occurred, it was said that it may have been a display of the power and strength of an individual or organized group's botnet. The hackers were negotiating a deal and the display was proof of what they could do. On January 23rd, 2003, the fastest spreading worm ever (Slammer) infected hundreds of thousands of computers in less than three hours and, in some cases, in less than ten minutes, causing global communications problems. At lightning speed, Slammer wreaked havoc on businesses worldwide, knocked out cash machines, and even caused flight delays in the airline industry.

The point is that malicious code and malware writers are not going away, and hackers will always be a step-and-a-half in front of us. If you want to stay out of harm's way, I suggest you subscribe to a managed security service and let the experts handle all your computer security. It's an assurance with insurance that provides you a proactive approach to defend you and your family against the viruses that cybercriminals use to commit crimes against individuals like ourselves.


