Worms and viruses have become increasingly destructive over the past three months. In fact, August 2003 - due largely to the SoBig.F worm - was the worse ever for damage caused by viruses. According to Digital Risk Specialists mi2g, SoBig alone was responsible for nearly 91% of the $32.8 billion in economic damages caused by viruses and other system attacks in August.
And it isn't over.
Technical experts and risk specialists warn there's every indication the worm attacks will continue. There is a "self destruct" date built into each iteration of the SoBig worm. The unknown person coding the SoBig strain purportedly learns from each iteration and generally releases a more destructive version soon after. The "F" variety expired September 10 2003.
Many small business or individual email users think they cannot or will not be affected by worm / virus attacks. As the problem grows, so does the risk to any email user.
There are at least three ways worms and viruses can adversely affect you:
- They can "spoof" your email address (put your address as the sender of infected emails), making it look like you are sending spam and viruses even though you are not.
- They can infiltrate your systems, sending out infected emails from your computer.
- They can clog your email with incoming, worm-carrying messages and, if severe enough, crash your systems.
If you are a list owner, this deluge of worms could tarnish your reputation with some people. Since your email address is likely to be in a lot of email address books, your address will invariably show up as the "from" address in many infected emails.
This results in lost productivity as you sift through unwanted email, update protection systems, shore up security holes, and repair/head off other damage.
How Worm Viruses Work
In general, a worm virus is a program with the ability to spread itself through email. When the worm infects a machine, it spreads itself by sending infected email to addresses in the computer's email address book. The worm also uses one of the addresses as the "from" address, making it appear to recipients that the email came from someone else.
Some worms also deposit a bit of code on your computer, presumably designed to carry out some future maliciousness.
It's more complicated than this, of course, but I'll let the technical experts explain the nuances. Here are some recent articles about worm viruses:
"Virus Damage Worst on Record for August 2003", CyberAtlas article. http://cyberatlas.internet.com/big_picture/applications/arti cle/0,,1301_3071131,00.html
"mi2g Virus Threat News Feed", framed page in "Latest News, News Feeds" section. http://www.mi2g.com/
"First of perhaps many 9/11 viruses emerges", article explains possible new worm viruses. http://computercops.biz/article-2999-nested-0-0.html
"Windows Flaw Allows PC Takeover", article explains security holes in Windows NT 4.0, Windows 2000, Windows Server 2003, Windows XP and the 64-bit versions of Windows XP. Updated 9/10/03 and includes link to patch download. http://news.com.com/2100-1009_3-5074008.html?tag=lh
What you can do.
Short of abandoning email and staying away from the Internet, we are all at *some* risk. We can, however, minimize the extent viruses hinder us by arming ourselves with (a) knowledge, (b) updated protection / security systems, and (c) communication. Also, of course, don't open unknown email attachments.
Knowledge
Sign up for email alerts through a trusted security company or monitor alert pages often. Also, make it a habit to read up on the most prevalent attacks. This way, you can recognize the signs of attack.
Here are links to three comprehensive virus/security sites:
F-Secure Security Information Center, includes information about viruses. Also explains email hoaxes. This page - http://www.f-secure.com/v-descs/sobig_f.shtml - tells about the SoBig virus (Scroll down for email characteristics and timelines of the variant history.). http://www.f-secure.com/virus-info/
Symantec Security Alert, sends email alerts of high-level threats, how to remove/detect viruses, etc. Also has a Security Response section on the site at http://securityresponse.symantec.com/ where you can read about current viruses and check your computer for vulnerabilities. http://nct.digitalriver.com/virusalert/
McAfee Security sends out alerts and breaking news. Also posts news and current threats on the site. http://us.mcafee.com/news/default.asp
Updated Protection and Security Systems
In today's email and Internet environment, protection systems are no longer optional. Purchase a good anti-virus and firewall protection system and set it to monitor for security updates.
Most (if not all) attacks exploit weaknesses in Microsoft software, so keep your Windows software up-to-date as well. Here is a link:
Microsoft's Windows Update center checks the software on your Windows computer then gives you a chance to download critical updates. Has security patch download for the flaw mentioned in "Windows Flaw Allows PC Takeover" article, above. http://v4.windowsupdate.microsoft.com/en/default.asp
There are many firewall and anti-virus programs out there. Two of the most popular and longest-standing - Symantec (Norton) and McAfee:
Norton Internet Security includes a firewall, virus protection, and other Internet security functions. http://www.symantec.com/smallbiz/nis_pr/ or http://www.amazon.com/exec/obidos/ASIN/B00007GDKE/websitemar ket-20
McAfee pcsecuritysuite protects your computer against viruses, hackers, and identity thieves. http://us.mcafee.com/default.asp
Communication
Explain to others the importance of secure, protected systems and guide them to more information. If you are a writer or publisher, remind your readers to stay up-to-date and knowledgeable.
Diligently follow these three steps and you will be prepared for the next wave of new viruses.
Keywords: virus, worm, security, software, computer, Windows, SoBig, Blaster, anti-virus, program
developerWorks - FREE Tools!
