Categories
Journalism

eDoctor’s tips

Published 29.05.2008 ‘Technology on My Desktop’ Engineering & Technology Magazine

If you were one of the unwilling recipients of the Mellisa virus that infected millions of computers around the world in 1999, or the willing reader of the ‘ILoveYou’ email that bore within its content a Visual Basic worm of excellent and elusive engineering, you may know what it’s like to have your computer infected.

If you ever travelled to Amsterdam to collect your ‘newly won inheritance’ from an uncle you can’t quite remember, then you are no stranger to phishing. And if your computer is a zombie, with a Trojan in its internals (whether you knew it or not), then perhaps it participated in crashing Estonia’s banking and government computer systems last summer.

Billions of dollars have been poured into securing and recovering our computers from the damage caused by viruses. Some claim that a lot of money has also been spent on developing such viruses, in order to keep the anti-virus industry in demand. Whatever the causes, the onus remains on you, the user, to prevent a virus from infiltrating your computer’s defence systems and unleashing its malicious content on your fragile digital device. And, more often than not, it is also you who is primarily responsible for having downloaded and executed that virus in the first place, or clicked a link to see an eCard from a charming friend you never met.

DOGGEREL OF A VIRUS

The first recognised instance of a spreadable computer virus was the Elk Cloner. It was written around 1982 by a 15-year-old high school student Rich Skrenta and was aimed at Apple II systems. Elk Cloner spread by infecting the Apple II’s operating system and was transmitted on floppy disks. When the computer was booted from an infected floppy, the virus would display a short ‘poem’:

Elk Cloner: The program with a personality

It will get on all your disks

It will infiltrate your chips

Yes it’s Cloner!

 

It will stick to you like glue

It will modify ram too

Send in the Cloner!

The Morris Worm, written by Robert Tappan Morris in 1998, became the first well-known malware spread on the Internet. It was estimated to have infected around 6,000 computers worldwide and led to the creation of a new industry for countering similar attacks headed by  CERT (Computer Emergency Response Team), a US federal-funded research institute and development centre (www.cert.org).

In 1999, BubbleBoy became the first ever worm that did not depend on the user opening an email attachment to be infected. As soon as the infected email message was viewed, the worm was set to work. This trend was followed by many virus writers and continues to baffle the most expensive security systems, while preying on our never-ending curiosity to see the content of a suspicious-looking email.

Simultaneous attacks of the Blaster and Sobig worms in 2003 caused enormous damage to millions of computers, severely crippling Internet speeds. Eighteen-year-old Jeffrey Lee Parson from Minnesota pleaded guilty to writing and releasing the Blaster.B variant and was jailed for 18 months, becoming the youngest ever virus writer to be imprisoned.

Around five years ago, Botnets became all the rage online. They comprise large numbers of computers infected by a trojan. The writer (distributor) is handed control of the computer’s vital functions and uses it as a spam relay or server. Often the infected machine is organised to perform distributed denial of service (DDOS) attacks on certain websites and Internet services.

MYDOOM & GLOOM

At its peak, the MyDoom trojan of 2004 accounted for some
20 per cent of all emails sent on the Internet. Microsoft and the SCO group offered rewards of $250,000 each to find its creators before their websites were taken offline by a MyDoom coordinated DDOS attack. In July of the same year, a variation of MyDoom launched one of the biggest attacks to date, involving more than a million computers. Google, AltaVista, Lycos tasted dust  as their search engines were brought down.

A week after the removal of a Second World War statue of a Soviet soldier from a central square in Talinn, Estonia last year, the largest cyber attack against a sovereign country to date began. It persisted for two weeks and managed to bring down a considerable portion of Estonia’s ministries, finance and public service networks. Had it lasted a little longer, admitted a member of the Estonian CERT, “we might not have survived it”.

Mobile phones and PDAs are also affected in today’s virus-filled world, taking advantage of Bluetooth and Media Messaging to spread themselves around. BlackBerries, with a vulnerability that allows malware to become trusted applications, are not excluded. Skype and MSN, iMac built-in video cameras and even newly released wireless pacemakers can all be ‘owned’ by a virus writer.

Malicious PHP code has been found in images on photo-sharing websites and millions of unsuspecting (and poorly configured or not updated) Web platforms have been ‘injected’ with viral code. Either our ignorance or their creativity has spawned a hostile digital world with little room for error.

The burden of keeping your computer and those of all Internet users out there malware-free rests entirely on our own shoulders. A technical and a common-sense approach is required to begin the battle.

Our gullibility is our biggest flaw when it comes to staying virus-free. Hastily clicking ‘OK’ to an Internet browser’s warning message, blindly downloading every useless bit of software and curiously opening another email from the ‘Standard Bank of London’ (which I’ve just received in my inbox) is the main cause of malware infection.

Browsing to infected websites is about as high on the danger barometre and is the main ambition of today’s email phishing attacks. How does one know if a website will install malicious code? Well, you cannot know. Your only options are careful analysis of addresses you click on, deciding whether it is at all necessary for you to go there and a strong layer of security software.

Numerous studies have shown that when our sensory receptors are excited, we alter our behaviour to become less cautious. It’s not rocket science to infect a computer with a worm which then sends itself out to everyone on the address book purporting in the subject line ‘a secret, between you and I’. A little unfair that we can no longer send genuine messages as such to each other, but it is too late for that. We need to get accustomed to emotionless subject lines and strictly serious Internet browsing.

Action plan – Be your own doctor

Here’s a short guide to what you can do to strengthen your computer’s defence systems:

  • Let’s start with the facts: Approximately 90 per cent of all malware out there has been written specifically against vulnerabilities discovered in Microsoft products (arguably because they have the lion’s share of desktop software). This includes any version of the ever fledging Windows operating system, the hornet’s nest of macro viruses MS Office, the sieve of Internet Explorer and the worm hole of Outlook Express.
  • Groups like the Cult of the Dead Cow and Oxid.it have for years been releasing software that allows for easy penetration and control of a Windows computer.
  • Linux and Mac operating systems now share almost 20 per cent of the world’s desktop environment. They are also prone to viruses but a great deal less than Windows. Many distributions of Linux are free and continually provide you with free updates. A popular distribution called Ubuntu is, in my opinion, even easier to get up and going than Vista.
  • You are defenceless on the Internet if you do not have an anti-virus, anti-spyware and firewall software installed. These need to be updated constantly and configured rigorously.  You shouldn’t have to spend any money at all. As a commercially defined ‘home user’, I run free software without any noticeable loss of security. Companies like Avast (www.avast.com) and AVG (http://free.grisoft.com) offer full-featured libre versions of their renowned anti-virus tools. You can also get an excellent firewall from Comodo (www.personalfirewall.comodo.com) and an anti-spyware tool called Spybot from www.safer-networking.org. Although I cannot vouch 100 per cent for any tool that I did not create myself, those have done the job for me.
  • Try not to login to your computer with administrator’s rights. Yes, it’s sometimes necessary in order to install software, but if a virus or trojan is executed or gains entry when you are operating with administrator privileges, the scope for destructiveness is as great as can be.
  • Now that your operating system is a little tighter, let’s concentrate on the Web browser. Forget about Internet Explorer and discover some alternatives. I personally use Mozilla Firefox (www.mozilla.com) and strengthen it with some security plug-ins, namely NoScript (http://noscript.net/), the McAfee Site Advisor (www.siteadvisor.com) and the NetCraft anti phishing toolbar (http://toolbar.netcraft.com). The first plug-in disables all javascript, java applets and other website-embedded functionalities by default. It gives you the freedom to browse any website without infection from its malicious code.The McAfee Site Advisor will scan every link on a webpage before you click it and report if it is safe or not. NetCraft is effectively a giant neighbourhood watch scheme, empowering the most alert and most expert members to defend everyone within the community against phishing attacks. Once the first recipients of a phishing mail have reported the target URL, it is blocked for community members as they subsequently access it.
  • And don’t forget to switch off the email preview option (the one that allows you to see the content of an email before you double-click it) in your mail client.

If you value information stored on your computer, devote as much attention to its health as to your own. I for one would be embarrassed to submit this piece to E&T if my computer crashed and I had to finish it by hand (since my fingers do not happen to have a spell checker).

Trackback: IET Magazine