Intruder Alert!

MyDoom, trojan horses, spam, blended threats… the list of security woes seems never-ending. How do these dangers differ and how can you protect your system from unwanted interlopers? Windows Middle East talks to the experts to bring you the latest advice.

By Matthew Wade. Published March 23, 2004

We’ve probably all worried about downloading software or felt vulnerable giving our bank details online and it’s hardly surprising we’re so spooked with the number of virus scares and horror stories around. Viruses and their cohorts aren’t a new phenomenon but the dangers they pose are increasing. Computer Economics, an independent research organisation, reckons the global cost of major virus attacks has increased from $500 million in 1995 to $13.5 billion last year. This huge growth can be explained not only by viruses, spam and hackers becoming more sophisticated but also, of course, by their having wider audiences to attack. "Net penetration is constantly increasing and therefore the number of people who can potentially be attacked is increasing," says Abdul Karim Riyaz, director of Security Partner Business, Computer Associates Middle East.

In the Middle East internet take-up is growing fast. According to analyst firm Madar Research Group the number of web users in the 18 Arab countries it has surveyed increased from 2.9 million in 2000 to over 12 million last year, with a further 43% growth predicted for this year. This upsurge in net use brings with it danger. "Every time someone uses or buys a machine," says Riyaz, "they must be very clear on the problems associated with being online and understand the risk associated with logging on." This is a lesson that needs to be learnt in the Middle East at least as much as anywhere else. When network security firm Scanit conducted a survey on users’ security last year it found the region to be one of the highest risk areas in the world for security intrusion.
The survey, which covered users in Saudi Arabia, the UAE, Qatar, Kuwait, Bahrain, Oman, Lebanon, Syria, Egypt, Jordan, Iran and Turkey, discovered that 73% of browsers were at "high risk" with another 25% classified at medium risk. Kuwaiti users were judged the safest while Omani surfers demonstrated the lowest rates of security protection.

The main aims of malicious code like viruses and worms are to disrupt through destroying data on infected PCs and to gain information such as our search preferences (useful for marketers) or financial data like PIN numbers and credit card details. Such threats are not restricted to one type of user either, with business and home users alike being affected. As for hackers, their target is "data: personal and financial information," says Zaid Abunuwar, enterprise group manager, Microsoft South Gulf.

One virus, for example, that both achieved wide publicity and embarrassed the world’s biggest software firm was last year’s MS Blast worm (also known as Blaster). This managed to capture a vast number of machines and used them to launch denial of service (or DoS) attacks against Microsoft’s security site windowsupdate.com. DoS attacks work by targeting a victim’s network and drowning it in useless traffic with the aim of bringing it to a standstill. While Microsoft offered patches and advice to users about Blaster, this was considered by some to be a case of too little, too late.

More recently, variants of the MyDoom worm have been hitting computers across the Middle East and indeed the world, also with the aim of launching denial of service attacks. The much publicised Netsky and Bagle worms meanwhile have instead been concerned with spreading spam. To keep one step ahead of security experts, virus writers and spammers are constantly coming up with new approaches.
One growth area, according to Justin Doo, managing director, Trend Micro, Benelux, Middle East & Africa, is "using e-mail to deliver a link to a virus, whether this is malicious code on a web site or contained in a file download. The user clicks on the link and this opens a secure tunnel between their desktop and the source." Recent threats that use this approach include the WORM_FRIENDGRT and JS_FORTNIGHT virus families. WORM_FRIENDGRT for example is described by Trend Micro as a ‘Friend Greetings’ application and works by sending an invitation e-mail to all the addresses in an infected system’s Outlook contact list. This message claims the recipient has received a virtual postcard from FriendGreetings.com and includes a URL and the text: "I sent you a greeting card. Please pick it up." Clicking on this hyperlink opens the type of dangerous tunnel Doo describes.

Business system administrators cannot effectively block these threats, says Doo, unless they employ URL filtering products, which involves a significant investment at the hardware level. "Some organisations are already catching on to this threat," Doo explains, "but it depends on how security aware an IT department is. In SMBs many IT managers don’t have much time to keep up-to-date with threats." Tom Scholtz, vice president, security strategies at Meta Group, echoes this sentiment, explaining that in the case of SMEs the problems are often a lack of resources and firms being dependent on external parties like ISPs to provide protection. Scholtz’s advice is that SMEs "sit down with their service providers to look at the joint process and procedures they should have in place and which party is responsible for which part of these processes. Don’t wait for service providers to come up with a process that will satisfy your requirements, approach them."
As far as home users are concerned, the best way to avoid contracting a virus via a hyperlink supplied in an email is simply to ignore it and any links supplied by senders you don’t know and trust implicitly.

While e-mail is being sent to direct users to viruses, viruses themselves are increasingly being used to spread spam. Once a PC has been infected, the virus that infected it communicates its existence to an external spammer and the PC is then employed as a spam relay. Viruses like the recent Sobig, Fizzer and MyDoom variants search out vulnerable machines this way and add them to botnets, or networks of computers that can act on a spammer’s command to send out thousands of messages, all without computer owners doing (or realising) a thing. “Recent thinking suggested that if a spammer wanted to target a recipient, then the spammer would incur some kind of cost, be it time or effort,” says Abunuwar. “This obviously isn’t true. This is a big problem.” As a result spam is experiencing tremendous growth. Anti-spam organisation Brightmail suggests 62% of total internet email in February this year was accounted for by spam, compared to 45% in March of last year.

Abunuwar suggests users can help. "If you receive a lot of spam from one source it’s a good idea to contact your ISP and tell them. They will act on this data and help reduce the problem." Riyaz of Computer Associates adds, "A good way to be hit by spam is to publish your e-mail address around the web as that way it can end up on marketing databases. I would personally rather not give my e-mail address to sign up for an e-newsletter for instance if I've not heard of a company, even if it says it won't use or sell on e-mail addresses. If you are signing up, always look out for the option to have your e-mail address kept private."

Another new development is in the field of worm delivery.
The latest method employed to get past mail filters and anti-virus software is for viruses like the latest Bagle variants to arrive inside password-protected Zip files. These files are sent as e-mail attachments with the relevant password contained in the message text. When a Zip file is opened the worm is released. Doo explains why this is effective: "Very few companies are able to scan inside a password-protected file." He suggests organisations can block password-protected Zip files or have them delivered to their IT administrator by default. "The administrator can then contact the end user to request the relevant password and deal with the file themselves."

Protection measures that every user can take don’t have to be complicated. Simple steps can help. Abunuwar explains: “There are three key actions users can take to protect themselves. Firstly we recommend making sure your Windows operating system is always up-to-date by using the Windows update service. If you’re using Windows XP, we advise you enable the built-in firewall. If using an earlier version of Windows then install a third party firewall program. And thirdly, install an anti-virus program on your PC.” These three measures, Abunuwar claims, can help improve your PC’s security "by 90-95%."

Though few would criticise Microsoft for including firewall functionality with Windows XP, we suggest you don’t rely on this alone as XP’s firewall feature isn’t as comprehensive as the standalone products now available. Abunuwar claimed that improvements in this firewall and all the XP security updates released to date will be included with the firm’s Windows XP Service Pack 2 (SP2), due later this year. In terms of the multi-faceted approach to protection Microsoft recommends, other vendors seem to agree that this is key to avoiding trouble.
When we spoke to Kevin Isaac, regional director for Symantec Middle East and Africa last November, he commented: "I don’t think anti-virus software by itself is the solution anymore. If you look at how doctors treat a human virus then they use a cocktail of remedies." His concern was that while firms attempt to make anti-virus products simple to set up and run, "ease of use is one thing, the willingness of people to do it is another. It’s like buying burglar insurance for your house, you know you should do it but will you?"

Once a user has bought such a product, simply installing it isn’t enough. When we spoke to Patrick Hayati, regional director of Network Associates Middle East a few issues ago, he explained: "You can’t just take for granted that a product is always going to work, it will need to be updated regularly."

It’s not difficult to surmise that the fight against IT imposters will continue long into the future. It’s also true that the dangers we’ve described here will mutate into more advanced threats. "We are seeing anti-virus technologies becoming more and more intelligent," says Riyaz of Computer Associates. "But at the same time the reality is that virus makers are always becoming more ingenious. This fight will continue." While the technological battle will be led by anti-virus experts, users must remain vigilant. "Some vendors claim their aim is to educate the public, which is a bold statement," says Justin Doo. "What we can do is put some key generic messages out there to help people protect themselves." You may have worried that threats like MyDoom are more dangerous than ever before, and you would be correct, but if sensible steps are taken then the damage they cause can be largely avoided.
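The mail-gateway rule Doo suggests for password-protected Zip attachments (hold them for the IT administrator rather than deliver them) can be sketched as below. This is an added example, not code from the article or from any vendor quoted in it; the function names, the `quarantine`/`deliver` labels and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ENCRYPTED_FLAG = 0x1  # bit 0 of a ZIP entry's general-purpose flags: entry is encrypted


def zip_has_encrypted_entry(data: bytes) -> bool:
    """True if any entry in the archive is marked as password-protected."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(info.flag_bits & ENCRYPTED_FLAG for info in zf.infolist())


def route_message(raw: bytes) -> str:
    """Hypothetical gateway policy: 'quarantine' (hold for the admin) or 'deliver'."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if not payload.startswith(b"PK"):  # judge by content, not by file name
            continue
        try:
            if zip_has_encrypted_entry(payload):
                return "quarantine"
        except zipfile.BadZipFile:
            return "quarantine"  # an archive the scanner cannot read is held too
    return "deliver"


def sample_message(protected: bool) -> bytes:
    """Constructed test mail with a small ZIP attachment (not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("card.txt", "constructed sample content")
    data = bytearray(buf.getvalue())
    if protected:
        # Set the encryption flag in the local and central headers only; the
        # content is not really encrypted, which is enough to exercise the check.
        for signature, flag_offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            data[data.find(signature) + flag_offset] |= ENCRYPTED_FLAG
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("Password for the attachment: 12345")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="card.zip")
    return msg.as_bytes()
```

The check reads only the archive's headers, so it needs no password and never unpacks the attachment.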
