Tag Archives: worm

LoveBug – Not the Car: The Virus

Computing “old timers”, like me, are sure to remember the LoveBug virus, first released in 2000 – but not fondly, I’ll wager. I’ve been told by Virginia Chaves over at Hill & Knowlton that I should refer to myself not as an “old timer” but instead as “a seasoned pro”. I might just try that, Virginia.

In any event, I’d quite forgotten the damage that this worm caused, until I refreshed my memory by reading Symantec’s MessageLabs Intelligence Special Report on LoveBug.

Surprisingly, for its day, and even for today for that matter, LoveBug (you might remember it as “I Love You”) was ferocious, causing an estimated 10 billion dollars in damage – and that’s in 2000-valued dollars! Within days of its release into the wild, 1 of every 28 emails was infected by the LoveBug virus.

Looking back, I’m not sure why we were all so surprised with the efficiency of LoveBug – but we were. After all, in the previous year we had been forced to deal with “Melissa” – a highly successful attack, which is generally recognized as the first virus to use e-mail as the distribution channel.

Regular readers are likely to remember that we reported recently on MessageLabs’ April 2010 report, which indicated that currently (April 2010) 1 in every 287 emails is packed with a virus (as opposed to the 1 of every 28 emails infected by the LoveBug).

So, on the face of it, it may appear we’re making progress. Yet the cynic in me has major reservations as to the accuracy of that statement. Or maybe it’s just because I’m an “old timer”, and being cynical in these matters goes with the territory.

About MessageLabs Intelligence:

Symantec’s MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world.  Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available here.


Emergency Patch for Windows Just Released – Update Now!

(From ZDNet) – “Microsoft has released an out-of-band patch to fix an extremely critical worm hole that exposes Windows users to remote code execution attacks.

The emergency update comes just one week after the regularly scheduled Patch Tuesday and follows the discovery of a targeted zero-day attack, Microsoft said in an advisory. The vulnerability is rated “critical” on Windows 2000, Windows XP and Windows Server 2003.

On Windows Vista and Windows Server 2008, the flaw carries an “important” rating.”

Read the rest of this important bulletin on ZDNet


Storm Botnets – The Computational Power of Super Computers

I must admit that I get very tired of opening my email accounts only to see spam email after spam email, reminding me that enlargement, growth, and natural male enhancement techniques can all be mine if I just click on the enclosed link.

It didn’t take long to establish that the driving force behind the majority of these annoying emails is the well-established Storm bot network. Security experts maintain that the Storm bot network continues to be leased to online pharmacy spammers.

The Storm Trojan, which first appeared in Europe more than a year ago, takes its name from the content of the emails that carried it, which related to extreme bad weather striking parts of Europe at that time.

Those users who were enticed into clicking on links enclosed in the email were directed to a web site that included malevolent code designed to infect Windows PCs with the aim of turning the now infected machine into a spam bot.

The initial success and the continued implementation, in various forms, of this highly sophisticated malware attack has led to the creation of a botnet of unprecedented proportions; a colossal spam-producing network.

According to Bradley Anstis, Vice-President of Products for Marshal, a leader in integrated email and Internet content security solutions, the Storm botnet was responsible for 20 per cent of all spam email sent in the first quarter of 2008.

Marshal is currently monitoring five botnets, including the Storm botnet, believed to be responsible for approximately 75 per cent of all spam currently in circulation. Heavily promoted products on all of these botnets tend to be male enlargement drugs, replica watches and sexually explicit material. The strategy employed by the owners of these botnets is particularly ingenious, since there’s a strategic crossover with the products being promoted by all five of these botnets.

Frighteningly, it is accurate to say that these botnets are getting larger every day. According to the U.S. Federal Bureau of Investigation, there are at least 1 million botnetted computers in the U.S. Worse, some security firms estimate that currently there are as many as 10 million botnetted machines worldwide. In fact, some researchers believe that this may just be the part of the iceberg we can see above the waterline.

Not surprisingly, such large numbers of infected machines have produced some of the most powerful networked computer systems in the world. As a result, many industry analysts are convinced malware and phishing attacks from these botnets can be expected to increase in frequency.

A more frightening possibility involves the potential power of these botnets being turned against secure computer systems in the government, commercial, and industrial sectors in brute-force attacks. Some have argued a coordinated attack, such as the one we witnessed last year against Estonia’s infrastructure, is inevitable.

For your own benefit, it’s obviously important to keep your computer from becoming infected and becoming a part of this problem. Perhaps it’s less obvious that we all share a responsibility to help protect other computer users on the Internet from becoming infected. The way to do that is to ensure that you are part of the solution, not part of the problem created by running an insecure machine or by engaging in unsafe surfing practices.

As I have pointed out in the past on this Blog, the following are actions you can take to protect your computer system:

· When surfing the web: Stop. Think. Click
· Don’t open unknown email attachments
· Don’t run programs of unknown origin
· Disable hidden filename extensions
· Keep all applications (including your operating system) patched
· Turn off your computer or disconnect from the network when not in use
· Disable Java, JavaScript, and ActiveX if possible
· Disable scripting features in email programs
· Make regular backups of critical data
· Make a boot disk in case your computer is damaged or compromised
· Turn off file and printer sharing on the computer
· Install a personal firewall on the computer
· Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
· Ensure the anti-virus software scans all e-mail attachments
· Install McAfee Site Advisor, WOT (my recommendation), or a similar browser add-on


Are You on Orkut? – Be Aware – Orkut Social Network Trojan!

A new and nasty Trojan, Orkut.AT, which targets an Orkut user’s scrapbook, has been discovered by security researchers at both Symantec and PandaLabs. This self-propagating Trojan is designed to infect the computers of both the original victim and the victim’s Orkut buddy list.

According to PandaLabs, a profile appears in the targeted user’s scrapbook, which contains an image from a YouTube video. If the intended victim clicks the link, they are advised that if they wish to see the video a new codec needs to be downloaded. Downloading the codec installs the Orkut.AT Trojan, which will then post a malicious message to the scrapbook of the original victim’s Orkut buddy list.

But that’s not all. The Trojan will then go on to download a range of malicious software to the victims’ systems.

The authors of this particular Trojan have added a creative twist; to avoid raising suspicions, the Trojan redirects users to a web page where they can find the video in question.

As with most Trojans, the user is the most important link in the chain leading to the installation and propagation of this infection. Without user interaction this Trojan, and ones like it, cannot succeed.

Luis Corrons, Technical Director of PandaLabs, provides advice that all Internet users should be well aware of, “to avoid falling victim to one of these malicious codes, users should have an up-to-date security solution that can detect both known and unknown malware.”

As well, it bears repeating: don’t click any links received through social networks, even though they might seem to come from reliable sources. Instead, type the links directly into the browser’s address bar.

Each of us has an obligation to other Internet users to know, understand, and implement safe surfing practices. Failure to do so will guarantee that we will be faced with a continuing and increasing barrage of Internet malware attacks. Each of us needs to take responsibility for our actions while surfing the Internet.

For a review of free, downloadable security software read Need Free Security Programs? – 10 Of The Best!, on this Blog.

3 Comments

Filed under Internet Safety, Malware Advisories, Online Safety, Orkut, Safe Surfing, System Security, Windows Tips and Tools

Malicious Software – Malware Explained – Solutions

There are many kinds of software that are written to be troublesome and that can be dangerous to an unprotected system. These programs are referred to as malware, shorthand for malicious software.

Details

The most common types of malware programs are listed below. Some types of software are written to mimic behavior of simple living organisms. That is, they reproduce themselves or live parasitically in other systems. It’s not that these programs are actually alive, but they can be just as annoying and hard to deal with as a living pest. The level of threat associated with malware corresponds to the intent and skill level of the programmer.

Trojan

A Trojan horse program is named after the legendary Trojan horse used by the ancient Greeks to compromise the defenses of the city of Troy. A Trojan horse program appears to be a program that is useful or desirable, but in reality hides malicious software that can compromise a system. A Trojan horse program can do significant damage to a computer system, including deleting files or stealing private data such as passwords or credit card numbers. A Trojan horse program that hosts a server is referred to as a Remote Access Trojan.  This type of Trojan is becoming increasingly popular.

Virus

A virus is a program fragment that uses other programs to run and reproduce itself. A typical virus is inserted into the code for an otherwise normal program. When the affected program runs, the virus code also runs, allowing the virus to operate. Usually the first thing a virus will do is try to insert copies of itself into other programs or, more seriously, into the system code.

Worm

A worm is a type of program that uses the networking facilities of a computer to reproduce itself. E-mail is a common mechanism for worm reproduction. Even if a worm carries no hostile payload, it can easily duplicate itself to the point that network traffic involved in its reproduction consumes the bulk of resources available.

The following link will take you to an article within this Blog where you can download highly effective anti-malware freeware programs to protect your system from malicious software.

Click Here:  Free Security Applications  
