14 Feb 2002
As the UK battens down the hatches with the threat of turbulent weather ahead, Mark Read, professional services consultant at MIS Corporate Defence Solutions, looks at the latest forces battering the IT security world. He discusses the movers and shakers so far this year and provides some practical advice on how to calm the virus storm.
Already this year many businesses have been hit by what so many IT managers dread: the computer virus. Judging from events over the last month, it seems many still need a little persuasion that up-to-date antivirus (AV) protection is essential if we are to stamp out the threat from bugs such as Nimda or Code Red that were so prolific in 2001.
The most recent survey by the Computer Sciences Corporation said that top of the priority list for IT managers for 2002 is the protection of critical information assets through data recovery and contingency. Security comes in fifth.
For someone in the security arena following the risks to business from breaches every day, this seems a little strange. Surely it makes more sense to stop the loss of critical data beforehand with security measures. The phrase 'shutting the gate before the horse bolts' springs to mind.
One of the threats to a business and its information is from the IT virus. The rise of the virus is rapidly gaining momentum and remains a few steps ahead of user education in virus avoidance.
The availability of tool kits on the web and the increasing prominence of email have provided 'script kiddies' with the platform not only to construct, but to unleash disruptive worms via macro and script viruses to a mass audience. The example no one could forget is the Love Bug, which was engineered by a student from The Philippines.
There can be no doubt that mass virus emailers accompanied by executable files that were common last year are set to become even more so this year. It is also probable that 2002 will see an increase in internet worms that directly target web servers, similar to last year's Code Red.
Along with this, combined virus attacks that breed by different spreading techniques and payloads are also set to become more prevalent.
Another trend likely to resurface in 2002 is the trick used in the BadTrans virus. Whilst many viruses in the past have spread through users double-clicking on attachments, BadTrans, or rather the technology used to create it, infects a system as soon as the email itself is opened. This is even more worrying for those trying to educate users on how to stop a virus infection.
Looking over the top five viruses from last year and comparing them to those seen already in 2002, it is clear that there is still some way to go if companies are to achieve optimum AV security.
Top viruses last year:
BadTrans B
Nimda
Code Red
SirCam
Magistr
Top viruses so far this year:
BadTrans B
SirCam
My Party
Magistr B
Magistr A
With only My Party new to the top five in 2002, it is clear that the usual suspects are still doing the rounds. As a mass-mailing worm, with the subject header 'new photos from party' and the URL www.myparty.yahoo.com, this newest irritant has been yet another success of social engineering.
Although it is less prolific than BadTrans or SirCam, its aim of disrupting businesses and causing them aggravation is very real, as it encouraged recipients to open what promised to be candid photos.
Last month also saw the internet worm 'Gigger'. With a subject header of 'Outlook Express Update', Gigger disguised itself as a legitimate Microsoft email update.
Following infection, the worm sends itself to everyone in the victim's Outlook address book, and then at the next reboot tries to delete all files on the hard drive. Although not prolific, it has helped serve as a nasty reminder that AV management is an ongoing challenge.
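A mail-gateway check for the executable-attachment mass mailers described above, as an added example that is not part of the original article: it flags attachments by their final extension, which catches a name such as www.myparty.yahoo.com when it arrives as an attachment filename, because Windows treats .com as an executable type. The extension list, function names and sample messages are assumptions constructed for illustration.

```python
import email
import email.policy
from email.message import EmailMessage

# Assumed blocklist for this example: extensions Windows runs directly.
EXECUTABLE_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".vbs", ".js"}


def risky_attachments(raw):
    """Return normalised attachment names whose final extension is executable."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    hits = []
    for part in msg.iter_attachments():
        # Windows ignores trailing dots and spaces, so strip them before
        # looking at the extension; compare case-insensitively.
        name = (part.get_filename() or "").rstrip(". ").lower()
        # Only the LAST extension decides how the file is opened, so
        # "photos.jpg.scr" and "www.myparty.yahoo.com" are both executable.
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        if ext in EXECUTABLE_EXTS:
            hits.append(name)
    return hits


def build_sample(subject, filename):
    """Build a constructed test message with a harmless placeholder attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("Hello!")
    m.add_attachment(b"constructed placeholder bytes",
                     maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    samples = [
        ("new photos from party", "www.myparty.yahoo.com"),
        ("holiday snaps", "photos.jpg"),
        ("holiday snaps", "photos.jpg.scr"),
    ]
    for subject, filename in samples:
        flagged = risky_attachments(build_sample(subject, filename))
        print(subject, "->", "QUARANTINE" if flagged else "deliver", flagged)
```

Filtering on the attachment type rather than the subject line keeps working when the next mass mailer changes its wording.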
Widely publicised virus activity has helped to increase public awareness of security principles which, in turn, has seen an increased spend on security products, and especially AV solutions. However, businesses are often looking at defensive security procedures only and need to think of a more rounded approach.
Many security software products are now seen as a necessity, but installing and maintaining them is often an unwanted chore. Although larger companies may be able to deal with such matters in-house, small to mid-sized ones cannot, which is where managed services come in.
Recent IDC research indicated that managed security services will grow to a value of $2.2bn in 2005, up from $720m in 2000. Figures such as these indicate a positive step towards informed and educated purchasing, correct installation and faultless upkeep.
Yes, it would be fantastic to see fully managed security through businesses across the globe, but financial constraints often dictate a waiting game. The following points can therefore be used as a guideline for the formation of a basic AV security strategy.