The news recently has been full of reports and
headlines warning of a new round of viruses infecting
computers at record rates. Names like “Blaster,” “Lovesan,” and “SoBig” are
now familiar, and many computer owners have seen
firsthand what can happen when a virus infects
a computer system, losing valuable files, data,
and time. Just because you installed an antivirus
program on your PC two years ago when you first
purchased it does not mean you’re protected
from the newest cleverly designed “worms,” “Trojan
horses,” and other viruses. Luckily, just
as there seems to exist a large contingent of
programmers who do nothing other than create
new and ever more malicious viruses, there also
exist a many companies and online resources committed
to countering this threat. Don’t wait until
it’s too late; spend a few minutes browsing
our collection of antivirus resources, visit
some of the sites profiled here and follow their
advice on disinfecting your computer and protecting
it from future attacks.
New Threats
W32.Swen Update
There’s a new virus making the rounds that
apparently propagates via file-sharing networks
and e-mail. Visit the sites below for vital information
and protect yourself from this new scourge.
F-Secure Virus Descriptions: Swen
F-Secure warns that Swen “is a worm that
replicates via email, local network (LAN), IRC
and Kazaa. It uses a vulnerability in Internet
Explorer to execute directly from e-mail.” Visit
this page to download a “Disinfection Tool” and
to read an in-depth description of how this virus
operates.
http://www.f-secure.com/v-descs/swen.shtml
Network Associates Antivirus Information
Visitors will find details from Network Associate’s
risk assessment of the Swen virus, including
virus characteristics, symptoms, and method of
infection. Removal instructions are also provided.
http://vil.nai.com/vil/content/v_100662.htm
Symantec Security Response: W32.Swen
The Symantec security specialists say that W32.Swen “is
a mass-mailing worm that uses its own SMTP engine
to spread itself. It attempts to spread through
file-sharing networks, such as KaZaA and IRC,
and attempts to kill antivirus and personal firewall
programs running on a computer. The worm can
arrive as an e-mail attachment. The subject,
body, and From: address of the e-mail may vary.
Some examples claim to be patches for Microsoft
Internet Explorer.” Click on the link below
for a threat assessment, technical details, and
removal instructions.
http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html
BASIC
DEFINITIONS FROM THE MCAFEE VIRUS GLOSSARY
Virus: A virus is a manmade program or piece
of code that causes an unexpected, usually negative,
event. Viruses are often disguised games or images
with clever marketing titles. A virus is a computer
program file capable of attaching to disks or
other files and replicating itself repeatedly,
typically without user knowledge or permission.
Some viruses attach to files so when the infected
file executes, the virus also executes. Other
viruses sit in a computer's memory and infect
files as the computer opens, modifies or creates
the files. Some viruses display symptoms, and
some viruses damage files and computer systems,
but neither symptoms nor damage is essential
in the definition of a virus; a non-damaging
virus is still a virus.
Worm: Computer worms are viruses
that reside in the active memory of a computer
and duplicate themselves. They may send copies
of themselves to other computers, such as through
e-mail.
Trojan Horse: A Trojan horse
program is a malicious program that pretends
to be a benign application; a Trojan horse program
purposefully does something the user does not
expect. Trojans are not viruses since they do
not replicate, but Trojan horse programs can
be just as destructive.
Tunneling: A virus technique
designed to prevent anti-virus applications from
working correctly. Anti-virus programs work by
intercepting the operating system actions before
the OS can execute a virus. Tunneling viruses
try to intercept the actions before the anti-virus
software can detect the malicious code. New anti-virus
programs can recognize many viruses with tunneling
behavior.
How
Computer Viruses Work
The always excellent and informative HowStuffWorks.com
offers this detailed article that explains what
a virus is and how its works, describes how they
spread, and provides a collection of links to
additional information on related topics.
Blaster/Lovsan
Official Name: W32/Lovsan.worm.a (there
are also .b, .c, and .d variants) and/or W32.Blaster.worm
Defined by McAfee as being of medium risk to
home users and medium risk to business/corporate
users. Go to this site for detailed information
on the nature of this virus, including indications
of infection, removal instructions, and aliases. Symantec also
provides important information on this virus.
Nachi
Official Name: W32.Nachi.worm and/or W32.Welchia.worm
This worm spreads by exploiting a hole in Microsoft
Windows and instructing a remote target system
to download and execute the worm from the infected
host. Defined by McAfee as
being of medium risk to home users and medium
risk to business/corporate users. Go to this
site for detailed information on the nature
of this virus, including indications of infection,
removal instructions, and aliases. www.ca.com
SoBig
Official name: W32/Sobig.f@MM Defined by McAfee
as being of high risk to home users and medium
risk to business/corporate users, this virus
propagates itself via e-mail. Go to this site
for detailed information on the nature of this
virus, including indications of infection,
removal instructions, and aliases. http://us.mcafee.com/
Several of the sites listed in the “Online
Antivirus Resources” section offer virus
alerts and updates; check with these virus authorities
regularly to find the latest information on the
viruses you know about, and, more importantly,
the ones you haven’t yet heard of in the
general media.
W32.Blaster.Worm
Removal Tool
Go here for step-by-step instructions on downloading
and installing a removal tool to clean the W32.Blaster.Worm,
W32.Blaster.B.Worm, and W32.Blaster.C.Worm infections.
Additional
Instructions on Scrubbing the W32.Blaster.worm
From Your Computer
Follow these easy instructions and protect your
system from further abuse.
W32.Sobig.F@mm
Removal Tool
Go here for step-by-step instructions on downloading
and installing a removal tool to clean the W32.Sobig.F@mm
infections.
Additional
Instructions on Scrubbing Your System of WORM_SOBIG.F
W32.Welchia.Worm
Removal Tool
Follow these instructions to rid your computer
of this virus.
How
To Avoid Blaster Infection
Go here for simple steps you can take to safeguard
your system.
How
to Save Yourself From E-Mail Worms
Remember the “Love bug” and other
worms and virus spread by e-mail in the past?
There are several quick steps you can take to
prevent future infection outlined at this site.
ONLINE ANTIVIRUS RESOURCES [back
to top]
CERT
Coordination Center
This organization studies Internet security vulnerabilities
and publishes security alerts and computer virus
information.
CNET
Virus Center
One of the best sources on the Internet for the
latest information on virus threats, alerts,
hoaxes, and other news, CNET rates each virus
according to the threat it poses, tells you how
to prevent it from affecting your computer and,
if you’ve already been infected, how to
remove it from your system. Visitors will also
find information on basic steps you can take
to protect your PC, links to virus and security
alerts message boards, reviews of antivirus products
and software, and expert opinions and editorials.
Computer
Associates Virus Information Center
Another excellent online antivirus resource,
visitors to this site will find “a rich,
up-to-the-minute resource, containing detailed
information on viruses, worms, Trojans, and hoaxes,
as well as valuable documentation on the implementation
of comprehensive antivirus protection.”
McAfee
Virus Information
Offers “Virus Advisories,” information
on recent threats, definitions, and downloadable
tools and applications to keep your computer
safe from outside threats.
McAfee.com
Dispatch
Visit this site to sign up for McAfee’s
free e-mail newsletter and stay up-to-date on
the latest virus information, breaking news,
protection tools, and more.
MessageLabs:
Current Threats
This site “provides a range of information
on global email security threats.”
Microsoft
TechNet Virus Alerts
The Virus Alerts page directs you to the most
current resources for the W32.Blaster.worm and
its variants, the Nachi worm (also known as Blaster-D,
Welchia, and Sachi), and W32.Sobig.A and its
variants.
MSN
Tech and Gadgets: Antivirus
Offers information on the top virus threats,
advice on defending yourself against hackers,
a glossary of terms, information on virus hoaxes,
and other useful resources.
Symantec
Security Response
Offers information on the latest viruses, issues
security advisories, provides downloadable virus
removers and anti-virus protection applications,
and more.
VirusList.com
Self-billed as “the biggest virus encyclopedia,” this
site delivers on its claims. It provides the
latest news, downloads, advice, and opinions.
ZDNET
Antivirus Downloads
Search through a large collection of free and
for-a-fee downloadable antivirus software and
programs.
Is
Organized Crime Behind the Sobig Virus?
One expert worries that the newest variant of
the Sobig virus is “the latest in a series
of forays into the digital world by organized
criminals looking to make a move online.”
Lessons
From Blaster
Internet security companies “estimated
losses from both downtime and wasted manhours
in the hundreds of millions of dollars for US
companies” due to the Blaster virus, machines
infected by which “significantly impacted
the Internet.” This article asks what have
we learned from this latest attack and wonders “How
many more wake-up calls do people need before
recognizing that up-to-date computer security
is a must in a digital world?”
Tests
Demonstrate Majority of Web Applications “Woefully
Vulnerable”
Recent tests conducted by a leading Internet
security firm show “97% of websites to
have significant security flaws.”
Vulnerability
to Computer Viruses Due to Software Industry
Shortsightedness
CEO Adam Kolawa of Parasoft Corporation blames
part of the problem of computer vulnerability
to such viruses on what he claims is the software
and computer industry’s arrogance and complacency,
noting that the practice of dealing with and
fixing bugs and errors in the final stages of
development, or even after the programs and applications
have been released to the general public, is
self-defeating and merely sets the table for
these attacks.
|
