Chapter 3. Virus Disasters

 

‘Disasters normally don’t come alone. They usually bring their family along.’

 
 --Anonymous

What is a computer virus?

A computer virus is a software program, usually written by intelligent troublemakers (unethical software programmers), to wreak havoc on other computer programs. Viruses come in all flavours. A virus serves no useful purpose: it is written with the intention of causing havoc by exploiting vulnerabilities in the operating system or in application programs. Some viruses are harmless and simply pop up annoying messages, whereas others are deadly and can wipe out all the data on a hard disk in a matter of minutes. A virus attack can happen in minutes, and users will normally not notice the damage until it is too late. Viruses have caused millions of dollars of damage to thousands of organizations worldwide. Technically, a computer virus is an executable file designed to replicate itself while avoiding detection. A virus may disguise itself as a legitimate program, and viruses are often rewritten so that existing anti-virus programs will not detect them. Anti-virus programs must therefore be updated continuously to look for new and modified viruses. Today, viruses are the number one method of computer vandalism.

Example. Virus disaster

CIO: ‘Hello Techies? Why are we not able to access e-mail?’

Techie: ‘I think we have a virus attack. Symptoms look like that deadly virus mentioned in the newspapers. It has wiped out all data on all servers.’

CIO: ‘But we have anti-virus on all computers.’

Techie: ‘We are running an old version. Need the latest version to tackle such viruses.’

CIO: ‘We have a major crisis on hand. Call everyone.’

How can you protect your organization from viruses?

In order to protect computers from virus attacks, it is mandatory to have each and every computer protected by an anti-virus software program with regular updates. Several reputable manufacturers like Symantec, McAfee, etc, provide excellent virus prevention and cleaning tools. As of today, there are more than 100,000 types of virus lurking around on the Internet. It is not enough just to install an anti-virus program and hope it will protect you from every type of virus; the anti-virus program must be periodically updated to protect the computer from new types of viruses. Some of the best practices to prevent viruses are:

  • Installation of a reputable anti-virus program on all computers (desktops, laptops and servers).

  • Updating new virus definitions periodically or as and when the manufacturer provides an update.

  • Scanning all machines periodically.

  • Preventing users from downloading and installing software programs and files from the Internet.

  • Install URL filters: These programs prevent users from accessing unwanted or unauthorized websites. Such tools are available from, eg, Surfcontrol (www.surfcontrol.com) and Websense (www.websense.com). These websites also offer time-bound evaluation copies to test the application before purchase.

  • Preventing users from accessing personal e-mail and messaging services (Yahoo, Hotmail, instant messengers, etc) within the organization, as users could receive viruses through attachments sent by unknown persons.

  • Scanning every incoming and outgoing mail from the organization. Special tools are available for this, eg, the ones from Trend Micro and Symantec (www.trendmicro.com and www.symantec.com).

  • Educating or preventing users from using floppies, disks, etc, between home and office. This is because a home computer could easily be infected with a virus that could spread through a floppy brought into the office.

  • Install proper service packs, hot fixes, program updates, etc, for the operating system and other applications to fix vulnerabilities that could be exploited by viruses.

  • Prevent employees from using dial-up connections to the Internet within the organization. Ensure that all Internet access is via proper firewalls.

  • Install Internet firewalls with virus detectors.

  • Educate users about new viruses and their symptoms.

What is a worm?

Worms are very similar to viruses in that they are computer programs that replicate copies of themselves (usually to other computer systems via network connections) and wreak havoc on a large number of computers within a short time.

Unlike regular file viruses that attach themselves to files, worms exist as separate entities. They do not attach themselves to other files or programs. Because of their similarity to viruses, worms are often also referred to as viruses. A well-known example of a worm is the ‘ILOVEYOU’ worm, which invaded millions of computers through e-mail in 2000.

What is a Trojan?

The Trojan is named after the wooden horse the Greeks used to infiltrate Troy. A Trojan is a program that does something undocumented which the programmer intended, but that the user would not approve of if he or she knew about it. According to some people, a virus is a particular case of a Trojan horse, namely one that is able to spread to other programs (ie, it turns them into Trojans too).

What is a macro-virus?

A macro is a piece of code that can be embedded in a data file. Some word processing software (eg, Microsoft Word) and spreadsheet programs (eg, Microsoft Excel) allow you to attach macros to the documents they create. In this way, documents can control and customize the behaviour of the programs that created them, or even extend the capabilities of the program.

A macro-virus is a virus that exists as a macro attached to a data file. In most respects, macro-viruses are like all other viruses. The main difference is that they are attached to data files (ie, documents like Word or Excel) rather than executable programs. Any application which supports document macros that automatically execute is a ripe target for macro-viruses. One example of a macro-virus is the Melissa virus. It is delivered via e-mail as a Word document attachment with the filename List.doc.
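The auto-executing entry points mentioned above are what a mail gateway or desktop scanner looks for first. The following is an added example, not code from the book: it triages VBA source text (as extracted from a document by a tool such as olevba) for entry points that run on open or close and for calls a document macro rarely needs. The macro samples are constructed for the demonstration.

```python
"""Heuristic triage of extracted VBA macro source (added example, not from the book)."""
import re

# Procedure names that Word and Excel run automatically when a document is opened or closed.
AUTO_EXEC = {"autoopen", "autoexec", "autoclose", "auto_open", "auto_close",
             "document_open", "document_close", "workbook_open", "workbook_close"}
# Calls a document-formatting macro rarely needs; each hit is reported.
SUSPICIOUS_CALLS = ["Shell", "CreateObject", "WScript.Shell", "Kill", "Environ",
                    "Outlook.Application"]
PROC_RE = re.compile(r"^\s*(?:Public\s+|Private\s+)?(?:Sub|Function)\s+([A-Za-z_]\w*)",
                     re.IGNORECASE | re.MULTILINE)


def triage_macro(vba_source):
    """Return the procedures, auto-exec entry points, suspicious calls and a verdict."""
    procs = PROC_RE.findall(vba_source)
    auto_exec = [p for p in procs if p.lower() in AUTO_EXEC]
    hits = [c for c in SUSPICIOUS_CALLS
            if re.search(r"\b" + re.escape(c) + r"\b", vba_source, re.IGNORECASE)]
    if auto_exec and hits:
        verdict = "block"      # runs by itself on open AND reaches outside the document
    elif auto_exec or hits:
        verdict = "review"     # one signal only: hand to a human
    else:
        verdict = "clean"
    return {"procedures": procs, "auto_exec": auto_exec,
            "suspicious": hits, "verdict": verdict}


# Constructed samples standing in for macro source extracted from two .doc files.
BENIGN_MACRO = """
Sub FormatReport()
    Selection.Font.Bold = True
End Sub
"""
SUSPICIOUS_MACRO = """
Private Sub Document_Open()
    Set app = CreateObject("Outlook.Application")
    Shell "notepad.exe"
End Sub
"""

if __name__ == "__main__":
    for name, src in (("benign", BENIGN_MACRO), ("suspicious", SUSPICIOUS_MACRO)):
        print(name, triage_macro(src))
```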

In addition there are several other types of virus. Organizations will have to ensure that they are protected from all types.

How can one recover after a virus attack?

In spite of all the precautions, viruses do enter organizations through some loopholes. If the virus does attack, IT support should initiate emergency measures immediately. Some of the common methods are:

  • Disconnect and isolate the infected machine from the network immediately.

  • Switch off Internet access.

  • Run a virus scan and try to remove the virus using various tools and updates.

  • Reformat the machine if necessary.

  • In extreme cases, it may be necessary to rebuild or restore the last known good backup.

  • Switch off other machines on the network to prevent the virus from being spread around.

  • Call the anti-virus vendor and try to implement all their technical recommendations to remove the virus.

  • Only after you have ensured that the virus has been destroyed should you connect the machines back to the network.

Important warning: Never ever try to test an anti-virus program by letting loose a live virus in the organization.

Note: It is not always possible to recover from a virus attack. Millions of dollars of data have been lost worldwide because of non-recoverable virus attacks. It may be possible to find a cure eventually for a dangerous new type of virus, but usually the damage would have been done. So, the best method is to take all necessary and continuous precautions and hope that they are sufficient.

How does one update anti-virus on all machines?

It is mandatory to ensure that the latest anti-virus program and its update protect every machine the organization uses. This is actually a Herculean task, depending on an organization’s size and the nature of its work. In small organizations, with only a few computers, IT support staff can manually update anti-virus on all machines. However, for large organizations it is not possible to update anti-virus everywhere, every time. It is necessary to use one or more of the following methods:

  • Update anti-virus when machines log on to the main server or domain through login scripts, or by installing anti-virus deployment servers.

  • Enable automatic update on all machines to connect to a server that holds updates and install them automatically through specialized scripts or batch files.

  • Install an anti-virus deployment server that will automatically scan all machines on the network and deploy updates automatically at specified intervals.

  • Ensure that all field staff update anti-virus on their laptops by sending periodic reminders and methods to update.

  • Implement all the manufacturer’s recommendations.
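A login script or batch file of the kind described in the second method above has one job: compare the definition version installed on the machine with the one held on the update server and copy the newer one in. The following is an added example, not the book's or any vendor's code; it assumes the update server exposes a file share containing the definition file and a manifest (version and SHA-256), and it refuses a file whose hash does not match the manifest, so a corrupted or tampered copy on the share is never installed fleet-wide. The share and manifest layout are constructed for the demonstration.

```python
"""Login-script style definition updater with integrity check (added example, not from the book)."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def installed_version(install_dir):
    marker = Path(install_dir) / "version.txt"
    return marker.read_text().strip() if marker.exists() else None


def update_definitions(share, install_dir):
    """Return 'current', 'updated' or 'rejected' (hash mismatch: corrupt or tampered file)."""
    share, install_dir = Path(share), Path(install_dir)
    manifest = json.loads((share / "manifest.json").read_text())
    if installed_version(install_dir) == manifest["version"]:
        return "current"
    src = share / manifest["file"]
    if sha256_of(src) != manifest["sha256"]:
        return "rejected"                       # never install what the manifest does not vouch for
    install_dir.mkdir(parents=True, exist_ok=True)
    shutil.copy(src, install_dir / manifest["file"])
    (install_dir / "version.txt").write_text(manifest["version"])
    return "updated"


def build_demo_share(version="20050101.001"):
    """Constructed stand-in for the update server's share; returns (share, install_dir)."""
    root = Path(tempfile.mkdtemp())
    share, install_dir = root / "share", root / "client"
    share.mkdir()
    defs = share / "virusdefs.dat"
    defs.write_bytes(b"CONSTRUCTED-SIGNATURE-DATA-" + version.encode())
    (share / "manifest.json").write_text(json.dumps(
        {"version": version, "file": defs.name, "sha256": sha256_of(defs)}))
    return share, install_dir


def corrupt_share_file(share):
    """Simulate a damaged or altered definition file left beside an unchanged manifest."""
    (Path(share) / "virusdefs.dat").write_bytes(b"NOT-THE-PUBLISHED-FILE")


if __name__ == "__main__":
    share, client = build_demo_share()
    print(update_definitions(share, client), installed_version(client))
```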

Do’s and don’ts regarding viruses

Do’s

  • Buy a reputable anti-virus program and sufficient licences to cover all computers, laptops and servers.

  • Make it mandatory to update every computer with the latest patches and virus fixes.

  • Password protect the anti-virus program such that ordinary users cannot disable or uninstall the program.

  • Educate users on how to prevent viruses getting into their PCs.

  • Scan every diskette, CD-ROM or other data device brought into the organization by outsiders like marketing and sales persons, consultants, etc.

  • Virus check every incoming and outgoing e-mail.

Don’ts

  • Don’t allow employees to bring floppies, CD-ROMs, USB keys, etc, from outside.

  • Don’t allow employees to download games, screen savers, utilities, shareware, etc, from the Internet.

  • Don’t test any live old or new virus on the network just to see whether the anti-virus program can detect and catch it.

What is ‘phishing’?

Phishing is a major threat to many organizations that do business via the Internet or whose customers buy goods using credit cards or operate their bank accounts online. Fraudsters send an e-mail to a user falsely claiming to be from a legitimate bank or company in an attempt to scam the user into providing private information that will be used for identity theft. ‘Spoofed’ e-mails lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers. For example, a hoax e-mail will ask for a customer’s bank account and login details using some pretext like there is some problem with their user ID, the bank is updating user information, and so on.

Next the e-mail directs an unsuspecting user to visit an authentic-looking (but bogus) website where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. For example, someone can create a website that looks exactly like your bank’s site and you will not be able to tell the difference. If you provide your account details then some fraudster can withdraw or transfer your money to their accounts. And you may never know until it is too late. This is a financial disaster to the user and the legitimate company loses its reputation, may get involved in legal battles, insurance claims, etc.
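A mail filter can catch the give-away of such a message before the user does: the link's visible text shows the bank's name or domain while the underlying address points somewhere else. The following is an added example, not code from the book: it parses the links in an e-mail body and flags those whose host is not the organization's own domain, is a bare IP address, or disagrees with the domain shown in the link text. The sample message and the domain examplebank.test are constructed placeholders.

```python
"""Flag spoofed links in an e-mail body (added example, not from the book)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the HTML."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()


def _trusted(host, trusted_domains):
    return any(host == d or host.endswith("." + d) for d in trusted_domains)


def check_links(html, trusted_domains):
    """Return [(href, [reasons])] for every link that looks like a counterfeit site."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host, reasons = _host(href), []
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            reasons.append("link points at a bare IP address")
        if not _trusted(host, trusted_domains):
            reasons.append("host %s is not the organization's domain" % host)
        # Link text that itself looks like a domain or URL must agree with the real host.
        shown = _host(text) if re.fullmatch(r"[\w.-]+\.[a-z]{2,}(/\S*)?", text, re.I) else ""
        if shown and shown != host:
            reasons.append("displays %s but links to %s" % (shown, host))
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed sample: one genuine link and one lure whose text mimics the bank's domain.
SAMPLE_MAIL = """<p>Dear customer, we are updating user information.</p>
<a href="https://www.examplebank.test/login">Log in</a> or
<a href="http://examplebank.test.account-verify.example/update">www.examplebank.test</a>"""
```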
