Viruses, worms, spam and hacks



More Power
12-29-2004, 14:36
Anyone who has spent any time on the net or has an email account has had to deal with evildoers. Viruses, worms, spam and hacks are an unfortunate aspect of the Internet, and an entire industry has evolved to meet the challenges of protecting our online experience.

The point of this editorial is to illustrate potential threats and to suggest ways to protect yourself and your computer. Anyone who connects to the Internet is exposed.

Here are a few examples of what can happen.

A couple of years ago, I began receiving several email messages a day from a former member. Each of these messages contained large file attachments. I’ve grown accustomed to spam and annoyingly large file attachments, and I know how to effectively deal with them (more about this later). However, the file attachments I received from this former member turned out to be accounting databases, client lists, and cash-flow spreadsheets. Certainly not the sort of information most people would want broadcast on the net.

After receiving several additional messages and attachments, I sent him an email, indicating that a problem existed at his end. He did not reply. A day or two later (and after receiving several more messages/attachments), I called him. As it turned out, he was a realtor in Alabama, and was unaware (shocked, horrified) that his private information was being broadcast to the Internet. His computer (which had an “always on” high-speed connection) had been infected with a virus that had accessed his MS Outlook address book, and then sent copies of all files in one particular directory to everyone on his address list.

Most viruses circulating on the net are not quite so pernicious. Most simply affect some operational aspect of the infected computer to one degree or another. Others are ad driven, directing the PC user to web sites or products. Commandeering one’s Internet browser is a related class of bugs.

The most sinister of all are those hacks who deliberately target a specific web site or email address to do harm. Microsoft, eBay, Google, Yahoo, and many other well-known online sites have all had to deal with attacks, even including The Diesel Page.

In August 2003, our BB forum server was hit with a highly destructive worm that devastated forum topic threads and member registration files. All of these files have file names with a numeric prefix. The worm randomly chomped its way through the various server directories deleting tens of thousands of files in a single night. The program files required to make the BB forum operate (the BB forum “engine”, as it were) were left untouched. This was a worm designed for a single purpose, to destroy a bulletin board forum. It came awfully close. This was a deliberate act.

The attacks continued throughout the fall of 2003 and periodically through 2004, but they employed a new strategy. The new server and ISP (we had begun operating the BB from in early September of 2003) had sufficient resources to protect against a repeat of the August worm attack. The new approach taken by the evildoer was to employ what is known as a “DOS” attack (acronym for “Denial Of Service”), where a server is overwhelmed with traffic to a point of shut-down. This was effectively dealt with as well.

In October 2003, I began receiving bogus email messages that managed to get by the spam blocker I use. My spam blocker traps lots of messages, but the ones that managed to get through listed my email address as the sender…. Hmmm… I obviously didn’t send them, which meant someone else had placed my email address in the sender field to send spam. These extremely unique and nonsensical spam messages (they contained no working links or contact information within the message) were simultaneously sent to an unknown number of email addresses that were somehow related to The Diesel Page (members, advertisers and BB participants, i.e. anyone who posted their email address in our bulletin board). We determined this spam barrage was yet another deliberate attack targeting The Diesel Page and its members. I dug deeper. The IP address used by the actual sender originated at a Comcast Internet Service Provider in Cherry Hill, NJ.

Back in the mid-90’s, I began using a Windows based ASCII email program for all my email correspondence. Even after years of use, that computer had never been infected with a computer virus. However, that changed within a few hours after upgrading my ASCII email program with a newer version that displayed in HTML and automatically opened attachments. After wiping the hard drive, and restoring Windows, I reinstalled the original ASCII email program. I’m still using that same email program today.

MS Outlook is a popular email interface that is bundled with all versions of MS Windows. Its popularity has made Outlook and Microsoft a target. A number of viruses have been created and distributed expressly to take advantage of MS Outlook’s popularity. Many viruses created for MS Outlook access the address book, then send copies of themselves to everyone on that list. Aside from simply replicating itself, the virus can be programmed to do all sorts of things, such as interfere with the Windows operating system or even participate in a group effort where hundreds or thousands of similarly infected computers coordinate an attack. A recent article in the Wall Street Journal concerning hackers illustrates this capability. Microsoft was attacked using this method about a year ago, where thousands of computers world-wide simultaneously attempted to download a large file(s) from MS’s server. I would recommend you install a third-party email program, and not utilize the built-in email address book (I use a separate database).

At a minimum, everyone on the net should be using a firewall and virus protection. Zone Alarm (http://www.zonealarm.com/) offers a range of PC protection, including firewalls, spyware/adware detection, and a choice of security packages. Their products range from free to very reasonable.

Firewalls protect your computer from destructive code downloaded from web sites, and from a class of virus programs that may already reside on your computer - that may be accessing the net (without your knowledge). In today’s e-environment, it’s foolish not to have a PC firewall. Once a firewall is first installed, you’ll likely be shocked at how prevalent these problems are.

If you have any questions, input or related advice, please feel free to post that information in this thread.

MP

[ 12-29-2004, 01:47 PM: Message edited by: More Power ]
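
Added example, not part of the original post: one way to check a message like the spoofed-sender spam described above is to ignore the From field and read the sending IP from the Received line written by your own mail server, then compare it with where that domain's mail legitimately originates. The message, host names and address ranges below are constructed; `OUR_HOSTS` and `AUTHORIZED_NETS` are assumptions you would replace with your own servers and the sending domain's published ranges.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message: example.* names and documentation-range IPs only.
RAW = """\
Received: from mx.example.org (mx.example.org [192.0.2.10])
    by inbox.example.org with ESMTP; Mon, 20 Oct 2003 09:15:02 -0600
Received: from home-pc (unknown [203.0.113.45])
    by mx.example.org with SMTP; Mon, 20 Oct 2003 09:15:00 -0600
Received: from mail.example.org (mail.example.org [192.0.2.10])
    by relay.invalid with SMTP; Mon, 20 Oct 2003 09:14:00 -0600
From: Editor <editor@example.org>
To: member@example.net
Subject: constructed sample

body
"""

OUR_HOSTS = {"inbox.example.org", "mx.example.org"}  # servers we operate (assumed)
AUTHORIZED_NETS = ["192.0.2.0/24"]  # where example.org mail really comes from (assumed)
BRACKET_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def handoff_ip(msg, our_hosts):
    """IP that handed the message to the first server we run.

    Received lines are prepended, newest first. Only those written by our
    own hosts are trusted; anything older can be forged by the sender.
    """
    ip = None
    for value in msg.get_all("Received", []):
        by = re.search(r"\bby\s+(\S+)", value)
        if not by or by.group(1).lower() not in our_hosts:
            break  # written by a host we do not control: stop trusting
        src = BRACKET_IP.search(value)
        if src:
            ip = src.group(1)
    return ip

def check_sender(raw, our_hosts, authorized_nets):
    """Compare the claimed From address with the trusted hand-off IP."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1]
    ip = handoff_ip(msg, our_hosts)
    ok = ip is not None and any(
        ipaddress.ip_address(ip) in ipaddress.ip_network(n) for n in authorized_nets)
    return {"claimed_from": claimed, "handoff_ip": ip, "spoof_suspected": not ok}

if __name__ == "__main__":
    print(check_sender(RAW, OUR_HOSTS, AUTHORIZED_NETS))
```

The third Received line in the sample is the kind a sender can forge; the check stops before it, so the forged `192.0.2.10` never counts as the origin.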

rjschoolcraft
12-29-2004, 21:19
Great advice! I have found that Norton's Internet Security works very well (at least I hope so!) It can be configured to stop access to the internet except for what you consciously allow and will block intrusions.

Jim Brzozowski
01-05-2005, 10:10
My company will not allow smilie faces etc. to be used on our network or any downloads from most outside sources. They claim mal code can be attached to the icons and when you click on it, the process starts to infect your computer. Have you verified that your message icons are clean?

More Power
01-05-2005, 11:49
None of the icons or smilies here have dates newer than the last BB upgrade.

However, the BB currently allows user images to be displayed within posted messages. Don't really have much control over what others might do, except to possibly disable that feature.

Report anything out of the ordinary.

MP

radrecon69
01-06-2005, 03:45
Just read where the US-CERT, which is a part of homeland security, recommends not to use any Microsoft based browser or email client. They went as far as to recommend using Mozilla Firefox browser and Thunderbird email program. The problem is I can't get the email program to work yet, but the browser works like a champ.

Rick

rjschoolcraft
01-06-2005, 04:42
That's a little fishy... When the government tells you not to use one company's product and to use another? Sounds like they're pursuing the anti-trust issue from a different angle.

Properly configured, the Microsoft products work fine and are secure.

radrecon69
01-06-2005, 07:15
I agree Ronniejoe, but since I have been having a lot of problems with IE lately I thought I would try it. I use a Norton security client which includes everything, firewall etc. and spyware preventer, but still have problems with it. On the flip side, the Government hasn't changed; they're still using Microsoft products. This was just a suggestion by US-CERT, and it didn't advocate using Mozilla only; it also suggested Netscape and Opera too. The article said with the constant attacks on Microsoft products that it might be a good idea to look into changing browsers. Now since I started using Mozilla I haven't had the problems that I did with IE. I do wish it had a spell checker though.

Rick

Andy Chesek
01-06-2005, 09:54
Microsoft dropped the ball with Internet Explorer. It took Service Pack 2 for Windows XP before IE had an official pop-up blocker, but we all know that only benefits users of XP. A lot of people I assist are still using Windows 98 because they use older machines and by and large their setups get the job done. And Microsoft recently announced they won't be backporting many new IE "enhancements" to Windows 2000, which has miffed many corporations. And let's not get started on standards compliance, or IE's lack thereof. Netscape 7.x, Mozilla and FireFox are all superior browsers these days.

I haven't had much luck with Windows and ZoneAlarm, it tends to block legitimate traffic after a while and requires disabling the firewall and re-enabling to get its act together. Same thing goes for SyGate Personal Firewall. My advice is that if you are on dialup, a firewall isn't that necessary. If you have a broadband connection, a firewall is a good idea, but you may as well get a router with a built-in firewall. It costs as much for a router as it does for firewall software anymore.

Spyware should be illegal, it's such a pain to remove at times. There isn't a single program out there which can detect everything, and it's not worth my time taking hours out of a day straightening out their mess if I'm doing it as a favor (free).

I've put my friends on notice, if they continue to have virus and spyware incursions and want my help, they will be looking at upgrading from MS Windows products to Linux. Linux has matured enough as a desktop OS that it can handle 100% of the tasks they perform under Windows. They don't want to deal with viruses and spyware, and I've wasted enough time cleaning up after them.

More Power
01-06-2005, 10:07
I recommend a firewall for all PC's, whether dialup or broadband. The "always on" broadband PC's are more exposed because of the transfer speed and the amount of time connected.

We bought a new XP machine last year to use as a backup and for general family stuff. It was used for just a few times on a dialup to access the net before its MSIE browser was hijacked. The PC would also spontaneously try connecting to the net when sitting idle. Zone Alarm was installed, and we found a variety of spyware/adware that were trying to access the net - all on their own.

We don't use this machine for email, so all the bad stuff came to us from various web sites my wife and daughter visited.

MP

mdrag
04-08-2005, 21:04
I found this WARNING (http://bpm-today.newsfactor.com/bpmtechbrief/story.xhtml?story_id=32595) a few moments ago - hackers are sending email messages for "Windows Update" and include subject lines such as 'Update your windows machine,' 'Urgent Windows Update' and 'Important Windows Update.'

When you download from the bogus website, a Trojan Horse is installed which allows the hackers to remotely control your computer :mad: