Bug Watch: 'tis the season to get infected

Bug Watch: Each week vnunet.com asks an expert from the IT security world to give their views on recent virus and security issues, with advice, warnings and information on the latest threats.

With the festive season just around the corner, Jack Clark, European antivirus product manager at Network Associates, asks whether hackers and viruses will make this a Christmas to remember for the IT industry.

With the season of goodwill almost upon us, the security and antivirus market braces itself for another busy Christmas. For the last couple of years the virus world has seen a deluge of activity around this time. Does the Christmas season fuel virus writers' creative juices? Or do end users simply drop their defences over the festive period?

It could be for the simple reason that individuals and companies are more susceptible to attack. Does common sense go out of the window when we see an email Christmas card attachment arrive in our inbox?

The first signs of Christmas activity came last week with Navidad - an internet worm disguised as an email Christmas card. Navidad hit 75 Fortune 500 companies in the US earlier in the month and, while not massively destructive, it was still a big headache for IT departments. Virus writers have even stretched their talents to constructing a harmful 'Christmas Carol' virus carrying a .exe file designed to ruin any network manager's Christmas spirit.

Outside the virus arena, there's also the potential for the end user to be affected when buying online. Reports have already been seen of hackers planning denial of service attacks on online retailers - traditionally the time when these websites will do their best business. Who's going to be surprised if we see one or two high-profile hack attacks over the period?

The only comforting factor is that, so far, none of these viruses have carried a massively destructive payload. But is this the year in which we can expect a Melissa or Love Bug in our Christmas stocking?

Whether it's the festive season or not, users still need to be sensible. Viruses with a Christmas disguise are far more likely to be forwarded around friends and colleagues, so users need to be on their guard.

Recent research carried out by Network Associates highlighted the threat that uneducated users pose to a network, but should we blame people for IT problems?

The research, which surveyed 120 heads of corporate networks, found that they believed end users are just as responsible for jeopardising the performance of an ebusiness as the technology itself. Some 40 per cent of respondents said that end users were the most vulnerable part of the network, and created a significant security threat.

And despite the importance of security being hammered home in the media time and time again, 71 per cent of respondents still believe that workers were not aware of security issues.

By centralising the management of antivirus and security software, and controlling the flow of traffic through a network, companies can reduce the risk of virus attacks and security breaches. Constant updates are also essential in order to keep network defences steady.

The underlying message is that corporations need to make sure their email users are even more vigilant at this time of year. Even though an attachment may appear to be from a friend or colleague, the risk is just as high. If you're not expecting an attachment, don't open it. Most of the time users aren't even aware of what they're forwarding.

The ideal solution is to take the responsibility out of the hands of the end user, but a reminder to all staff about the network-stopping potential of seemingly friendly attachments around this time of year wouldn't go amiss.