Posted by : Anonymous on Jan 06, 2005 - 12:39 AM Hardware

It's a message people like Ryan Kokai try to knock into the heads of family, buddies and co-workers time and time again.
And he's not talking about sex. In his role as tech wizard, the 25-year-old is frequently called away from his desk to clean up co-workers' computers which have been infected with viruses or other troublesome computer ailments. He makes housecalls in the evenings and on weekends for his friends - and sometimes friends of friends.
"Pretty much everyone I know comes to me," says the personable Kokai, of Burlington, Ont., who works for an online DVD retailer when he's not cleaning up computer messes. "Sometimes it gets to be a little much."

Most of us probably know someone like Kokai who helps us sort through the ever-growing list of computer mischief-makers like spyware, keystroke logging programs and Trojan horses - programs disguised as games or e-mail attachments that cause trouble by stealing bank and e-mail passwords.

"It's really impressive how many viruses are actually out there and how easy it is to get viruses onto computers that aren't protected already," he said.

Over the past year, industry watchers have noticed an increase in the merging of viruses with other computer agitators. The new relationships increase the speed and breadth by which attackers wreak havoc. And it's only getting worse.

"It's almost a hybrid attack nowadays," said Gus Hursfai, president of Ceryx Inc., a Toronto-based e-mail solutions and security company.

"The viruses are actually spawning spam. The spam distributes viruses. They really help each other distribute themselves."

Sophos, a global anti-virus software company, estimates that 40 per cent of spam comes from PCs that have been hijacked by viruses.

The biggest propagators of the attacks are zombie or robot machines - virus-infected machines that are taken over by spammers or hackers.

In the past, a user would have had to forward a worm-infected e-mail to someone else in order to spread the attack but it's evolved so that now, unknowingly, many of our computers are automatically spreading hazards under our noses.

The number of these remotely controlled robots rose from 2,000 a day to 30,000 a day in just the first six months of 2004, according to research by Symantec, the market leader in computer security with its popular Norton software.

These networks are then used as scanning points for computers with vulnerable spots such as software weak spots or insufficient firewalls. (Firewalls prevent unauthorized access to a computer.)

To put it into context, consider that a couple of years ago the industry had about 26 days from the time a software company like Microsoft identified a vulnerability to when hackers developed code to take advantage of the weak spot.
In 2004, Symantec put that number at 5.8 days.

"At 26 days organizations or individuals had a fighting chance to download a patch . . . 5.8 days isn't enough time to download, test and implement a patch," said Michael Murphy, Symantec's general manager for Canada.

He said large robot or zombie networks became available for rent in the past year meaning attacks will likely worsen in the coming months.

"Attacks today are clearly motivated by profit," said Murphy. "Historically they were motivated by an individual looking for bragging rights or notoriety."

Law enforcement officials make the occasional arrest, but a significant crackdown on the practice is difficult because it crosses so many borders.

And sadly, anti-virus software isn't enough to keep the mischief-makers at bay.

More comprehensive Internet security packages which can detect non-virus threats like spyware and keystroke logging programs are becoming essential for homes and businesses. Norton and McAfee are among two of the more popular companies that sell such software.

"We've seen an evolution of the virus threats into these blended threats that have virus-like characteristics but spread like worms and exploit vulnerabilities and have those all wrapped in," said Murphy.

One such example was a virus-powered phishing scam noticed last month in the U.K. Normal phishing (from a combination of "fishing" and "phreak") schemes send out e-mails that appear to come from a user's bank only the e-mail links to an impersonating website that captures the user's password and pin number. The new variant implants a Trojan on your computer which waits for you to visit your bank's website. At that point, it logs your keystrokes sending the information to a hacker who can then access your bank account.

Tech security is only going to worsen for the unprepared, warns Murphy. Expect the trouble to move further into emerging wireless technologies like our handheld devices.

PDAs, cellphones and even music gadgets such as IPods all have operating systems that can be hacked once connected to the web world, said Murphy.

While the threats to these types of devices was very low in 2004, as the gadgets gain mainstream acceptance, "they will become the targets of tomorrow," he said.

-

Some tips from Symantec Canada to keep your computer safe from intruders:

For individuals:

-Use an Internet security solution that combines anti-virus, firewall, intrusion detection, and vulnerability management for maximum protection against blended threats. This will also identify if your computer is a "robot."

-Ensure that security patches are up-to-date.

-Make your passwords a mixture of letters and numbers. Don't use dictionary words. Change passwords often.

-Never view, open or execute any e-mail attachment unless the purpose of the attachment is known.

-Keep virus definitions updated. By deploying the latest virus definitions, corporations and consumers are protected against the latest viruses known to be spreading "in the wild."

-Be on the look out for hoaxes and phishing scams. Hoaxes typically include a bogus e-mail warning to "send this to everyone you know" and improper technical jargon to mislead users. Phishing scams usually arrive in e-mail. They appear to come from a legitimate organization like a bank and entice users to enter confidential information (i.e. passwords, credit card numbers) into forms on websites designed to look like the legitimate organization.

-

For small businesses:

-Turn off and remove unneeded services.

-If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.

-Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.

-Configure your e-mail server to block or remove e-mail that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.

-Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.

© The Canadian Press, 2004