1. What is a computer virus?

Just as the common cold goes from person to person, computer viruses spread from computer to computer. When you have a cold, your head aches, your nose runs and your throat is sore; the same thing happens to your computer. Computer viruses can cause your computer to erase data, your hard drive to crash and even your mail client to spread an email virus to everyone in your address book.

2. How does a computer virus spread?

Computer viruses spread when certain programs are executed on your PC. Your computer may become infected by a computer virus when installing copied programs from a disk or downloading programs from the Internet. Viruses can only ‘propagate’ (that is, spread from computer to computer) in a limited number of ways. The most common way is for an infected program to be copied or downloaded to a computer and then run.

There are a number of ways that software can be transmitted over the Internet. Programs can be manually downloaded from Web and FTP sites. They can be sent via email. They can be passed around using the file transfer capabilities of online chat and ‘buddy’ services (IRC, ICQ etc.). They can even be downloaded from newsgroups.

3. What is a Trojan program?

'Trojan' programs carry another, unannounced program such as Back Orifice (see Q.4). Programs downloaded from the Internet, such as software applications, games etc., are all capable of carrying Trojan programs. We cannot check the security of information that you download from the Internet, so be very careful who you accept attachments or downloads from. Remember that executable files can only harm you if you open them.

4. What is Back Orifice?

There is a hacker program called 'Back Orifice', which was released on to the Internet in August 1998, and we believe it only affects Windows 95/98. If the program is present on your PC, it opens up an 'orifice' through which other users can remotely 'hack into' your PC whenever you are online. It is, however, readily detectable - detailed information on how to both detect and remove it can be found at the sites given below. Ezi Hosting has done some initial testing which has found these programs to be effective in detecting and removing the Back Orifice software from Windows 95/98 PCs. However, Ezi Hosting cannot guarantee the effectiveness of these programs. Customers using these Back Orifice detection and removal programs do so at their own risk and Ezi Hosting accepts no responsibility for the outcome of doing so.

5. What is the Love virus?

The Love virus, or LoveLetter worm, appears in your email inbox as a VBS or EXE attachment to an email message, and is usually sent from someone you know. Once the attachment is opened, the worm deletes multimedia files on the victim's computer. If Microsoft Outlook has been installed on the infected PC, the virus is sent to each entry in the address book – potentially overloading systems and e-mail gateways.

More information:
CNET on the Love worm - http://news.cnet.com/news/0-1003-204-1817112.html

6. What is the Code Red worm?

The Code Red worm only infects computers running Windows NT, Windows 2000 or Microsoft’s Internet Information (IIS) Web server software. The worm searches for vulnerable Web servers before flooding them with data requests (denial-of-service attacks). More recent versions of the worm create a backdoor into the Web server for easier access.

Although the Code Red worm won't infect home computers running Windows 95, Windows 98, Windows Me or any non-Microsoft operating system, users may experience delays when surfing affected Web sites due to increased Internet traffic.

If you are running Microsoft’s IIS server, a protective patch is available at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/security/topics/codealrt.asp

More information:
CNET’s Code Red FAQs - http://news.cnet.com/news/0-1003-200-6733503.html
Symantec Code Red Security Update - http://www.sarc.com/avcenter/venc/data/codered.v3.html
eEye Digital Security - http://www.eeye.com/html/research/tools/codered.html
CNET’s Double the danger, double the Code Red - http://cnet.com/software/0-5067630-8-6791874-1.html

7. What is the Nimda Worm?

The Nimda worm (‘admin’ spelt backward), released on the 18th September 2001, poses a threat to computers running Internet Explorer or the Microsoft IIS Web server.

The Nimda worm propagates through email, searches for shared network drives and seeks out un-patched or vulnerable Microsoft IIS Web servers to flood with data requests (denial-of-service attacks). The worm infects both local and remote network shared files.

Users of Microsoft Internet Explorer version 5.01 SP1 and below may be affected. You may experience delays when surfing affected Web sites due to increased Internet traffic.

If you are running Microsoft’s IIS server, a protective patch is available at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms00-078.asp.

If you are running Microsoft’s Internet Explorer, it is recommended that you upgrade to at least Internet Explorer version 5.01 SP2 or version 5.5 SP2, available at http://windowsupdate.microsoft.com.

It is not yet confirmed whether Mac operating systems are vulnerable to this worm.

More information:
The SANS Institute Security Incidents - http://www.incidents.org/react/nimda.php.
CNET’s Nimda worm threat - http://www.cnet.com/software/0-5067630-8-7215675-1.html?tag=st.sw.5067630.txt.5067630-8-7215675.
Symantec Nimda Worm Security Update - http://www.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html.
McAfee Nimda Worm Security Update - http://vil.nai.com/vil/virusSummary.asp?virus_k=99209.
Central Command - http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=010918-000005.

8. What is the SirCam worm?

The SirCam, or W32.Sircam, worm is distributed via email. Although this email cannot be identified by its Subject Line, the attached file has the extension .BAT, .COM, .LNK, or .PIF.

Once activated, a randomly chosen document as well as the worm itself is forwarded to all email addresses contained in Microsoft Outlook’s address book. There is a chance that the worm will delete all files and folders on the PC’s hard drive on Oct. 16, as well as degrade PC performance by flooding any remaining hard drive space.

More information:
Symantec SirCam Security Update - http://www.sarc.com/avcenter/venc/data/w32.sircam.worm@mm.html
CNET on SirCam virus - http://news.cnet.com/news/0-1003-201-6660665-0.html
CNET’s SirCam as a worldwide threat - http://cnet.com/software/0-5067630-8-6742803-1.html

9. What is the Snow White worm?

The Snow White or W95.Hybris.Gen worm is spread through infected email attachments. As the worm can create random file names for attachments, all executable (.EXE) and screensaver (.SCR) files should be treated with caution. Emails containing this worm often refer to ‘Snow White’ in the Subject Line.

Once a PC is infected, the worm is capable of automatically attaching copies of itself to all outgoing emails.

More information:
Symantec Snow White Security Update - http://www.sarc.com/avcenter/venc/data/w95.hybris.gen.html

10. What is the Aliz worm?

The Aliz worm (w32.Aliz.worm) is spread by email and contains an attached file called whatever.exe. The body of the email is a blank message with HTML formatting.

Once active, Aliz will search your Windows Address Book for contacts to send copies of itself to, effectively clogging email servers. Fortunately, the worm does not damage any files or hardware on your computer.

The worm affects Windows 9X machines and does not appear to spread through the NT platform.

Microsoft recommends that users of Internet Explorer 5.01 or 5.5 patch their systems. Users of Internet Explorer 5.01 who have installed the IE5.01 Service Pack 2 on their system do not need to install this patch.

Microsoft Patch - http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp

More information:
Symantec Aliz Security Response - http://www.symantec.com/avcenter/venc/data/w32.aliz.worm.html
ZDNet on Aliz - http://www.zdnet.com/products/stories/reviews/0,4161,2825279,00.html

11. What is the Badtrans.B worm?

The Badtrans worm was originally created in April 2001. The latest version, Badtrans.B, released late November 2001, loads a Trojan horse that records keystrokes, capturing passwords and credit card information.

The Badtrans.B worm appears as a reply to an old email, so the subject line is familiar. The email message is empty. The attachment may be a .DOC, .MP3 or a .ZIP file, with a further .SCR or .PIF extension.

Exploiting a known vulnerability in Internet Explorer 5.01 and 5.5 and Outlook Express, the Badtrans.B worm is launched automatically while you view the email attachment in preview mode. Once activated, Badtrans.B loads a Trojan horse that can reveal password and credit card information and send the log file to a Hotmail e-mail address.

Most anti-virus software companies have updated their signature files to include this worm. Microsoft IE 5.01 and 5.5 users are advised to load the Microsoft patch or upgrade to Internet Explorer 6.

Microsoft Patch - http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms01-020.asp

More information:
Symantec Badtrans.B Security Response - http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html
ZDNet on Badtrans.B - http://www.zdnet.com/products/stories/reviews/0,4161,2825280,00.html

12. What is the Goner worm?

The Goner worm (W32.Goner.A@mm), discovered 4 December 2001, is a mass emailing worm attachment written in Visual Basic. Upon execution, the worm sends itself to email addresses in Outlook Address Books and attempts to delete files, including antivirus and firewall applications.

The worm spreads through Microsoft Windows computers using Outlook email clients. Computers running Mac are not known to be affected. Internet Relay Chat clients such as ICQ may be affected.

How can it affect you?
If you’re on a volume-based plan, this worm’s mass emailing can add significantly to your chargeable usage. The worm also attempts to delete virus protection software, which could leave your PC vulnerable to infection by other computer viruses. If you’re on an hourly based plan, the greatest risk is the deletion of virus protection software.

Subject of the email:
Hi

Text of the email:
How are you?
When I saw this screen saver, I immediately thought of you.
I am in a harry, I promise you will love it!

Attachment:
Gone.scr

More information:
The SANS Institute Security Incidents - http://www.incidents.org/diary/diary.php?id=102
Symantec Goner Worm Security Response - http://securityresponse.symantec.com/avcenter/venc/data/w32.goner.a@mm.html
CNet Goner worm news - http://news.cnet.com/news/0-1003-200-8065378.html?tag=owv
ZDNet Goner worm security news - http://www.zdnet.com/zdnn/stories/news/0,4586,5100282,00.html

13. How can I secure my PC from being infected by a computer virus?

The best defence against viruses or worms is to install one or more anti-virus programs on your computer and configure them to check all incoming files and emails for viruses (most will do this by default). You should check the vendor’s Web site regularly (at least once a month, preferably fortnightly or weekly) for updates, as there are new viruses discovered almost daily.

Check all downloaded files and email attachments for viruses before running them. Be wary of running programs sent to you by people you don't know. Having said that, you cannot simply assume that because the sender is known to you, the program is virus free.

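The attachment types this FAQ names (VBS or EXE for the Love virus, .BAT/.COM/.LNK/.PIF for SirCam, .EXE/.SCR for Snow White, a further .SCR or .PIF for Badtrans.B, Gone.scr for Goner) can be checked by name before anything is opened. The Python sketch below is an added example, not part of the original FAQ or of any anti-virus product; the RISKY list, the function names and the sample message are assumptions constructed for illustration, and a name check complements a virus scanner rather than replacing it.

```python
from email import message_from_string

# Extensions this FAQ names as worm carriers (assumed list, not a complete one).
RISKY = {".vbs", ".exe", ".bat", ".com", ".lnk", ".pif", ".scr"}

def classify(filename):
    """Return (verdict, reason) for one attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before checking.
    name = filename.strip().rstrip(". ").lower()
    exts = ["." + p for p in name.split(".")[1:]]
    if not exts or exts[-1] not in RISKY:
        return ("allow", "final extension not on the list")
    if len(exts) >= 2:
        # e.g. minutes.doc.pif: a harmless-looking type in front of the real one
        return ("block", "double extension " + exts[-2] + exts[-1])
    return ("block", "executable extension " + exts[-1])

def scan_message(raw):
    """Return (filename, verdict, reason) for every named MIME part."""
    results = []
    for part in message_from_string(raw).walk():
        fname = part.get_filename()
        if fname:
            results.append((fname,) + classify(fname))
    return results

# Constructed sample message (not a captured worm email).
SAMPLE = """\
From: friend@example.com
Subject: Hi
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Disposition: attachment; filename="Gone.scr"

placeholder
--b1
Content-Disposition: attachment; filename="minutes.doc.pif"

placeholder
--b1
Content-Disposition: attachment; filename="notes.txt"

placeholder
--b1--
"""

if __name__ == "__main__":
    print(*scan_message(SAMPLE), sep="\n")
```
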
14. What Anti-Virus software should I use?

Windows
VET anti-virus software - http://www.vet.com.au/
McAfee Viruscan - http://www.mcafee.com/
Norton Safe on the Web - http://www.symantec.com/region/reg_ap/
BoDetect - http://www.cbsoftsolutions.com

Macintosh
Norton Anti-Virus for Mac - http://www.symantec.com/nav/nav_mac/

15. Do I need Firewall software?

Firewall software provides an increased security level that many PC users find comforting. The software can detect ‘Trojan’ programs, provide protection from hackers and prevent unauthorised network access from your computer. Most Firewall software also reports on what information your PC is broadcasting to the world and highlights potential security concerns.

Firewall software is a recommended safeguard for users who are online for long periods of time or are considering upgrading to cable, ISDN or ADSL.

16. Further Reading

About Viruses - http://antivirus.about.com
Virus Bulletin - http://www.virusbtn.com
eEye Digital Security - http://www.eeye.com/html
McAfee Virus Information Centre - http://www.mcafee.com/anti-virus/
Symantec AntiVirus Research Centre - http://www.sarc.com/
Hoax Warnings - http://www.datafellows.com/news/hoax/
Virus Myths - http://kumite.com/myths/myths/
Back Orifice - http://www.nwi.net/~pchelp/bo/bo.html