If all you want for Christmas is a quiet life, you may be
disappointed this year. Hackers across the world are sending
greetings cards with muscle
The jargon surrounding viruses just serves to alarm users so, to keep it simple, let's start with the premise that there are two types of computer viruses in this world:

1. Viruses that are very irritating and which might cause your mail server to crash as they are sent round your company, but which don't cause much in the way of long term damage to data.

2. Viruses that damage data and can carry out unauthorised actions that may prejudice the security of your information.

The first type of virus may cause damage. They reduce productivity and increase the complacency of users because they receive "yet another virus alert". They also lead to a general attitude of fear and mistrust of attachments and email itself. One of the latter types of virus is called a Trojan horse. These are viruses that have a hidden agenda. They sit innocuously on your PC, hiding behind another file, and wait for the opportunity to deliver their payload.
A Trojan can be thought of as a program that carries out actions determined by its programmer, actions which would not be permitted if the user were aware they were happening. Recent examples of Trojans include Netbus and Back Orifice. The payload they deliver varies. One might copy your address book and forward it to newsgroups. Another can "bug" your computer by taking control of your microphone (and camera if you have one) to keep an eye and an ear on what you are doing and then send transcripts back to its creator. Sounds like something from James Bond, doesn't it? Unfortunately, it's happening more and more often, and it's a threat for all businesses, not just governments.

The biggest hurdle
that has faced those trying to counteract this threat is one of complacency. A company has good anti-virus software in place, ergo they think that they are safe from attack. However, anti-virus software only detects attacks by recognising behaviour from the manufacturer's list. Even daily updated versions will not catch all viruses, because it's not until the viruses have been analysed by the anti-virus companies that they can issue a warning and a solution.

If we accept the presumption that it takes at least an hour for a virus to reach the anti-virus software labs, and another hour for them to identify it and create a reference for it, you have two potential hours (at least) of this virus running across the net and, potentially, across your network. How long do you think it would take in the average office for the entire office to be infected? If it comes by email, then it can be received and run in seconds. Herein lies the major problem of anti-virus software: it's reactive, not proactive. It requires a problem to be known about before it can act. So, until the virus has hit your company (and caused data or efficiency loss), you're not protected against it, and it can escalate as it spreads, causing problems not just on one PC but across the entire company.

There is also an insidious
threat to security coming from within companies, and it's emerging through (and partly because of) the friendly nature of the net: instant messaging. Many staff now work in mobile environments. This includes teleworkers and those who travel for business. Many use instant messaging services such as AOL's Instant Messenger, Netscape Communicator etc. These are a great way for people to check where workers are (the sender can see whether the user is online) and send them quick messages while doing other things (talking on the phone, writing a document). They are also great for forwarding files between users. This is a great idea because it means team members can remotely collaborate on projects, forwarding drafts of documents to and fro without waiting to download them through an overloaded mail server. What happens, though, is that people download files and, because they come through the Internet and their PC has virus protection on, they think it's fine to run them. Except of course it's not okay, because they may have a nasty Trojan virus lurking in them, ready to steal information or turn your computer into a listening device. Instant messaging services provide no defence against viruses; they rely on your own protection, and if it's not up to scratch, you are granting malicious code an even quicker entrance to your PC.

For those dubious people out
there, visit security software manufacturer Finjan's website, at www.finjan.com, and get them to send you a (benign) Trojan. It is frightening when you realise that someone can send you a lovely electronic greetings card that you enjoy and then delete, and then realise that they have copied vital documents and are now listening in at your business meetings.

Remember the e-sheep? The cute little
sheep that ran across your desktop and entertained you? Many users received them and passed them on through email at work and at home, and they were fantastic fun. However, version 2 of e-sheep had a nasty sting in the tail. Like the original program, e-sheep #2 looks identical, arrives by email and works in exactly the same way. Except that after it's executed, it causes problems with dial-up networking and with modems by trying to send something without being asked to. Does this sound familiar? Well, there is, of course, a simple cure: don't open the file, and delete the sheep. However, because most of us were entertained by this, and still are entertained by other comic files we are sent, it is a challenge to stop workers opening them.

Which leaves us with two choices: the
first is to make it a disciplinary offence to open such files and hope that fear of reprimand and effective anti-virus protection will protect us (this probably won't work); and the second is to ban and prevent executables being brought into the organisation (through mail setup or using software products that allow you to control what comes in via email and the internet).

However, there is
an information gap here as regards what an executable file actually consists of. If you ask most staff, they will correctly tell you it's a program (i.e. something that executes). However, ask them whether electronic greeting cards or streaming media are executables and they probably won't know. Unfortunately, virus makers do know: they can sandwich together an electronic greeting card with a Trojan, call it what they like and send it to a member of your staff. It'll probably go straight through your firewall and under the nose of your anti-virus software, ready to hatch when opened from the inbox.

Now you might think your company has no
enemies that would want to damage you. But unless you have no
competition and your staff are never disgruntled or sacked, you are
probably wrong. Let's say you sack Fred. Fred, feeling particularly
aggrieved, goes to his local Internet café. He logs onto AltaVista
or any other search engine and searches for Trojan horses. Within
seconds, he'll probably be able to find his choice of viruses, with
a choice of cover programs (usually electronic greeting cards or
amusing programs that he can use to front the virus). All he then
has to do is name the file something innocuous and send it.

Perimeter defences simply aren't enough. You can put anti-virus,
firewall, encryption, every line of defence you can think of, in
place within your organisation, but as Bill Lyons, CEO of Finjan,
puts it, "Why bother going through the attic window, if the front
door is wide open". If internal or external hackers, virus makers
or phreakers want to get into your organisation, they'll find a
way. To cope with this, Finjan has brought out First-Strike
Security. This uses content inspection and monitoring to look for
malicious code and stop users running damaging files. It also
allows you to put an employee policy in place, blocking certain
activities. This means that you can stop users that have no real
reason to be running executable files from their email, from doing
so. Moreover, it's not reliant on recognising particular viruses, and so doesn't need constant updating. This gives you protection for the period in which most damage takes place: the time between the virus hitting your company and the anti-virus suppliers issuing a patch. "Trojan horse attacks like ExploreZip caused the most damage and loss in the first hours of its proliferation," said Bill Lyons. He puts forward the analogy of being poisoned. By the time the antidote to the poison (or in this case the virus) arrives, you have already suffered the effects of the poison. As long as virus makers can send files into your organisation, there will be a need to manage those files. The problem of tackling innovative methods of infection, like electronic greeting cards and instant messaging, should be on the priority list for every IT administrator. Without effective management of executables and malicious code, you are bolting down the windows without bothering to first shut the front door.
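The two points above (staff cannot tell a greeting card from an executable that has been renamed to look like one, and a filter that judges a file by its content rather than by recognising a particular virus) can be illustrated with a small content-inspection check. This is an added example, not code from the article or from Finjan's product; the magic-number table, the policy rules and the sample attachments are all constructed for illustration.

```python
# Added example (not the article's or Finjan's code): a content-inspection
# filter that classifies an attachment by its leading bytes, not its name, so
# a Trojan renamed "xmas_card.jpg" is still caught. All samples are constructed.

EXEC_MAGIC = {
    b"MZ": "pe-executable",        # Windows .exe/.scr/.dll all begin with MZ
    b"\x7fELF": "elf-executable",  # Unix/Linux binaries
    b"#!": "interpreted-script",   # scripts that start with a shebang line
}
BLOCKED_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".vbs", ".pif"}

def classify_by_name(filename):
    """Naive filter: trusts the extension, so renaming the file bypasses it."""
    parts = filename.lower().rsplit(".", 1)
    if len(parts) == 2 and "." + parts[1] in BLOCKED_EXTENSIONS:
        return "executable"
    return "data"

def classify_by_content(data):
    """Content inspection: decides by what the bytes are, not their name."""
    for magic, label in EXEC_MAGIC.items():
        if data.startswith(magic):
            return label
    if data.startswith(b"PK\x03\x04"):
        return "zip-archive"  # may wrap an executable; a real filter opens it
    return "data"

def decide(filename, data, recipient_may_run_exec):
    """Policy: executables are blocked unless the recipient's role allows them,
    in which case they are held for review. Returns (action, reason) to log."""
    label = classify_by_content(data)
    if label in EXEC_MAGIC.values():
        if recipient_may_run_exec:
            return "quarantine-for-review", f"{filename}: {label} for privileged user"
        return "block", f"{filename}: content is {label}"
    if label == "zip-archive":
        return "quarantine-for-review", f"{filename}: archive needs member inspection"
    return "deliver", f"{filename}: {label}"

# Constructed samples: PE stub under an image name, JPEG, honest .exe, zip.
SAMPLES = {
    "xmas_card.jpg": b"MZ\x90\x00" + b"\x00" * 60,
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 60,
    "greeting.exe": b"MZ\x90\x00" + b"\x00" * 60,
    "drafts.zip": b"PK\x03\x04" + b"\x00" * 60,
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, classify_by_name(name), decide(name, blob, False))
```

Running it shows the name-based check waving "xmas_card.jpg" through while the content-based policy blocks it, which is the gap between recognising names or signatures and inspecting what actually arrived.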
Rachel Hodgkins