THE CONVERGENCE OF VIRUS & SPAM THREATS
Small, medium and large
organizations are facing the challenge of protecting their IT
environments from malicious threats growing in volume and
complexity. They can spread within minutes, creating complicated
issues for IT managers and administrators.
The sheer volume of threats facing
organizations continues to grow. We will focus on two main
categories of malicious threats—Virus and Spam. These converging
threats are putting network and user productivity and data security
at risk.
But they’re also cutting into our
budgets. According to Mi2g.net, the
MyDoom virus resulted in more than $43.9 billion in economic
damages, spreading across 215 countries in just two weeks. The
United States accounted for up to $15 billion of that.
At a Comdex event in
Las Vegas, Bill Gates identified spam as one of the major challenges
for today’s technology world. The United States Congress recently
passed the “CAN-SPAM” Act. And no wonder: companies spend large
amounts of money on excess bandwidth usage while battling spam. The
nuisance squanders employee time, burdens mail servers with a heavy
processing load, eats up disk space on both servers and client
machines, and reduces overall network performance.
Everyone knows spam’s
a pain, but it’s also a security issue. With the help of spam,
threats like Spyware, Adware and Trojan Horses can infiltrate
networks. But we will keep these other related threats for a future
discussion.
Viruses
There currently are
five recognized types of viruses: File Infector Viruses, Boot Sector
Viruses, Master Boot Record Viruses, Multi-Partite Viruses and Macro
Viruses.
File infector viruses – File infector viruses infect program files.
These viruses normally infect executable code, such as .com and
.exe files. They can infect other files when an infected program
is run from a floppy, hard drive or through a network. Many of
these viruses are memory-resident. After memory becomes
infected, any non-infected executable that runs becomes infected,
too. Examples of known file infector viruses include Jerusalem
and Cascade.
Boot sector viruses – Boot sector viruses infect the system area of a
disk – that is, the boot record on floppy disks and hard disks.
All floppy disks and hard disks (including disks only containing
data) have a small program in the boot record that runs when the
computer starts up. Boot sector viruses attach themselves to
this part of the disk and activate when the user attempts to
start up from the infected disk. These viruses are always
memory-resident in nature. Most were written for DOS, but all
PCs, regardless of the operating system, are potential targets
for this type of virus. All it takes to become infected is to
start up your computer with an infected floppy disk. As long as
the virus remains in memory, all floppy disks that aren’t
write-protected will become infected at access. Just a few
examples of boot sector viruses are: Form, Disk Killer,
Michelangelo, and Stoned.
Master boot record viruses – Master boot record viruses are
memory-resident viruses that infect disks like boot sector
viruses. The difference between these two virus types is where
the viral code is located. Master boot record infectors normally
save a legitimate copy of the master boot record in a different
location. Windows computers that become infected by either boot
sector viruses or master boot record viruses will fail to boot.
If your Windows operating system is formatted with FAT
partitions, you can usually remove the virus by booting to DOS
and using antivirus software. If the boot partition is NTFS, you
must recover the system by running the three Windows NT Setup
disks. A few examples of master boot record infectors are: NYB,
AntiExe, and Unashamed.
Multi-partite viruses – Multi-partite (also known as polypartite)
viruses infect both boot records and program files. These are
particularly difficult to repair. If the boot area is cleaned,
but the files are not, the boot area will become re-infected.
The same holds true for cleaning infected files. If the virus is
not removed from the boot area, any files that you have cleaned
will become re-infected. Examples of multi-partite viruses
include: One-Half, Emperor, Anthrax and Tequila.
Macro viruses – These types of viruses infect data files. They
are the most common viruses and have cost corporations the most
money and time repairing. With the advent of Visual Basic in
Microsoft Office 97, a macro virus can be written that not only
infects data files, but infects other files as well. Macro
viruses infect Microsoft Office Word, Excel, PowerPoint and
Access files. Newer strains are now turning up in other
programs. All of these viruses use another program's internal
programming language, which was created to allow users to
automate certain tasks within that program. Because of the ease
with which these viruses can be created, there are now thousands
of them in circulation. Examples of macro viruses are:
W97M.Melissa, WM.NiceDay and W97M.Groov.
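The boot sector and master boot record entries above both describe code written into the first sector of a disk. The following is an added example, not part of the original article: it records a digest of the MBR bootstrap code while the disk is known to be clean and compares later reads against it. It assumes the standard 512-byte MBR layout (bootstrap code in bytes 0-439, partition table in bytes 446-509, 0x55AA signature in bytes 510-511); the function names and the sample sectors are constructed for the illustration.

```python
import hashlib

SECTOR_SIZE = 512
CODE_END = 440            # bytes 0-439: bootstrap code
SIGNATURE = b"\x55\xaa"   # bytes 510-511 of a valid master boot record


def boot_code_digest(sector: bytes) -> str:
    """SHA-256 of the bootstrap code only; the partition table (bytes
    446-509) is left out so legitimate repartitioning does not alter it."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    return hashlib.sha256(sector[:CODE_END]).hexdigest()


def check_boot_record(sector: bytes, baseline: str) -> str:
    """Compare a sector against a digest recorded while the disk was clean."""
    if boot_code_digest(sector) == baseline:
        return "unchanged"
    return "boot-code-modified"


def make_sector(code: bytes, partitions: bytes = b"\x00" * 64) -> bytes:
    """Build a constructed sector image (sample data, not a real disk)."""
    return code.ljust(446, b"\x00") + partitions + SIGNATURE


if __name__ == "__main__":
    clean = make_sector(b"\xfa\x33\xc0\x8e\xd0")
    baseline = boot_code_digest(clean)
    # Same bootstrap code, different partition table: not reported.
    repartitioned = make_sector(b"\xfa\x33\xc0\x8e\xd0", b"\x80" + b"\x01" * 63)
    # Different bootstrap code: reported.
    altered = make_sector(b"\xeb\x3c\x90")
    print(check_boot_record(repartitioned, baseline))
    print(check_boot_record(altered, baseline))
```

The sector has to be read from outside the running system (for example from a clean boot medium), because a memory-resident infector of the kind described above can be active while the check runs.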
Trojan Horses
Trojan Horses are
impostors – files that claim to be something desirable but are, in
fact, malicious. A very important distinction between Trojan horse
programs and true viruses is that Trojans do not replicate themselves.
Trojans contain malicious code that, when triggered, causes loss, or
even theft, of data. For a Trojan horse to spread, you must
“invite” it onto your computers. For example, you could open an
email attachment or download and run a file from the Internet.
Worms
Worms are programs
that replicate themselves from system to system without the use of a
host file. This is in contrast to viruses, which require the
spreading of an infected host file. Although worms generally exist
inside of other files, often Word or Excel documents, there is a
difference between how worms and viruses use the host file. Usually
the worm will release a document that already has the “worm” macro
inside of it. The entire document will travel from computer to
computer. In other words, the entire document could be considered
the worm. W32.Mydoom.AX@mm is an example of a worm.
Hoax
Virus hoaxes are messages, almost always
sent through e-mail, that amount to little more than chain letters.
One of my favorite phrases associated with virus hoaxes is, “Forward
this warning to everyone you know!”
Spam
Spam is not very different from the junk
mail you’ve been getting at home or in the office for decades. Only
now, the junk mail is coming through your e-mail accounts to your
computers at home and in the office.
Nonetheless, spam is far worse than
junk mail. The only real cost of eliminating junk mail is buying a
larger recycling bin. Spam and Phishing, which we will discuss
later, can actually cost you and your organizations time, money, and
worst of all, the loss of data and confidential information. It can
also create legal liability issues because of its content.
Phishing
Phishing, as the name implies, is when spam is used as a means to
“fish” for the credentials necessary to access and manipulate
financial accounts. Invariably, the e-mail will ask the recipient
for an account number and the related password, explaining that
records need updating or a security procedure is being changed that
requires confirming an account. Unsuspecting e-mail recipients who
supply the information don’t know it, but within hours or even
minutes, unauthorized transactions will begin to appear in their
accounts.
By
now, most people know that giving this information away on the
Internet is a no-no. With Phishing, however, it’s almost impossible
to tell if the e-mail is a fraud. Like spam, e-mails from Phishers
usually contain spoofed FROM or REPLY TO addresses that make the
e-mail look as though it came from a legitimate company.
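The spoofed FROM and REPLY TO addresses mentioned above are hard for a reader to spot, but a mail gateway can compare them mechanically. The following is an added example, not part of the original article: it flags a Reply-To or Return-Path domain that differs from the From domain and any SPF or DKIM result other than "pass" recorded in an Authentication-Results header. The sample message, its domains and the finding labels are constructed for the illustration, and domains are compared by exact match.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every name and domain here is illustrative.
SAMPLE = """\
From: "Example Bank Support" <support@examplebank.test>
Reply-To: accounts@mail-update.test
Return-Path: <bounce@bulk-sender.test>
Authentication-Results: mx.example.test; spf=fail smtp.mailfrom=bulk-sender.test; dkim=none
Subject: Please confirm your account

Our records need updating. Reply with your account number and password.
"""


def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower()


def header_findings(raw_message):
    """Return header inconsistencies to feed into a spam/phishing score.
    Each finding is a signal, not a verdict: legitimate bulk mail often
    uses a different Return-Path domain."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    findings = []
    for header, label in (("Reply-To", "reply-to-mismatch"),
                          ("Return-Path", "return-path-mismatch")):
        dom = domain_of(msg.get(header))
        if dom and dom != from_dom:
            findings.append(label)
    auth = (msg.get("Authentication-Results") or "").lower()
    for mech in ("spf", "dkim"):
        result = re.search(rf"\b{mech}=(\w+)", auth)
        if result and result.group(1) != "pass":
            findings.append(f"{mech}-{result.group(1)}")
    return findings


if __name__ == "__main__":
    print(header_findings(SAMPLE))
```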
Defenses
The daily challenge for IT managers and administrators is to
preserve computer users’ freedom to access the information
they need while, at the same time, protecting all systems from
malicious threats. This has been made more difficult by the growing
complexity of threats, especially blended threats that combine
Viruses and Spam. These new and emerging combined methods of
propagation are, in some cases, taking advantage of the
vulnerabilities of Operating Systems.
Anti-Virus & Anti-Spam Defenses Matrix
| Defense Layer | Ease of Deployment | Ease of Management | Defense Effectiveness |
| Gateway | High | High | High |
| Server | High | High | High |
| Desktop | Medium | Medium | Medium |
| Laptop | Medium | Medium | Medium |
| Handheld | Low | Low | Low |
The velocity of these threats makes it crucial for organizations to
have multiple layers of protection to safeguard every vulnerable
entry point. This will provide an integrated multi-layer solution
with virus and spam detection, policy enforcement and content
management to keep email servers free of unsolicited email. It will
also detect and disinfect malicious code at every potential access
point with automatically updating virus and spam definitions and rules.
Do not
depend solely on just one layer of anti-virus or anti-spam defense
to protect your network. Learn more about our
Air-Tight, Multi-Layer IT Security Defense Systems.
By Benson Yeung, Senior Partner