Bug Watch: Are you vigilant enough?

Bug Watch: Each week vnunet.com asks a different expert from the IT security world to give their views on recent virus and security issues, with advice, warnings and information on the latest threats. This week's expert is Eric Chien, chief researcher at SARC - Symantec's Antivirus Research Centre.

VBS.LoveLetter.BD, a distant variant of the original VBS.LoveLetter.A virus, was unleashed this week, probably making its first appearance from Switzerland.

When executed, the virus downloads a password-stealing Trojan and then attempts to send itself to your entire Outlook address book. Like previous variants, it also contains someone's CV - the enticement to open the attachment!

This particular example was used to target the United Bank of Switzerland (UBS). As the system becomes infected, the virus detects a certain registry key for UBS' software, then it downloads the password stealer from what appears to be an internal address or a 'special' server. Otherwise, it downloads it from other FTP servers.

The virus author can then steal information from UBS and anyone else who 'contracts' the virus. With this type of code, the obvious suspicion is that it may well have been released by someone who had, or knew of, connections inside the bank.

This virus is currently rated as a level 3 threat, with the SARC team keeping a watchful eye on its progress. Norton Antivirus will already detect this through VBS.Loveletter, and the Microsoft security patch can be downloaded now at http://officeupdate.microsoft.com.

This week also saw a number of other attacks. Safeway became the victim of a hacker's spoof emails to their customer base; nine UK government websites were hacked by an anti-smoking protester; and a hacker calling himself Pimpshiz has been re-decorating a number of websites, including NASA's. Pimpshiz was using his graffiti to advertise his support for Napster.

It seems that all the speculation about hackers using their skills for political messaging, and the use of Trojans as virus payloads, is coming true. Are we fuelling the minds of would-be hackers, crackers, phreakers and virus writers through constant media scrutiny, or did the industry and the media just predict the inevitable?

Whatever the reason, companies get hacked. The challenge is to prioritise and resource to prevent your valuable information from being accessed. Network security isn't about ticking a box and moving on, you need monitoring and assessment 24 x 7 x 365.

Next edition 25 August