Ransomware is software that denies you access to your files until you pay a ransom.
In the past, malicious software typically corrupted or deleted data; now it can hold your data hostage instead. For example, the Archiveus Trojan copies the contents of “My Documents” into a password-protected file and then deletes the original files. It leaves a message telling you that you need a 30-character password to access the folder, and that you will be sent the password if you make purchases from an online pharmacy.
In that case, as in most ransomware so far, the password or key is concealed inside the Trojan’s code and can be retrieved by virus analysts. However, in future attackers could use asymmetric (public-key) encryption, which uses one key to encrypt the data and a different key to decrypt it. The decryption key would then never be stored on your computer, so it could not be recovered from the Trojan.
In some cases, the threat to deny access is sufficient. For example, the Ransom-A Trojan threatens to delete a file every 30 minutes until you pay for an “unlock code” via Western Union. If you enter an incorrect unlock code, the Trojan warns that the computer will crash after three days. However, the threats are a bluff, as Ransom-A is not capable of doing these things.
Sophos.com
Saturday, January 31, 2009
Friday, January 30, 2009
Potentially unwanted applications (PUAs)
Potentially unwanted applications are programs that are not malicious but may be unsuitable on company networks.
Some applications are non-malicious and possibly useful in the right context, but are not suitable for company networks. Examples are adware, dialers, non-malicious spyware, tools for administering PCs remotely, and hacking tools.
Certain anti-virus programs can detect such applications on users’ computers and report them. The administrator can then either authorize the applications for use or remove them from the computers.
Sophos.com
Thursday, January 29, 2009
Phishing
Phishing is the use of bogus emails and websites to trick you into supplying confidential or personal information.
Typically, you receive an email that appears to come from a reputable organization, such as a bank. The email includes what appears to be a link to the organization’s website. However, if you follow the link, you are connected to a replica of the website. Any details you enter, such as account numbers, PINs or passwords, can be stolen and used by the hackers who created the bogus site.
Sometimes the link displays the genuine website, but superimposes a bogus pop-up window. You can see the address of the real website in the background, but details you enter in the pop-up window can be stolen.
Sometimes the hacker uses a technique called “cross-site scripting”: the link takes you to the genuine website, but the link itself carries script or content that the vulnerable site echoes back into its own page, so the page is subverted by pulling in content from elsewhere. Once again, the part of the page where you enter information is controlled by the hacker.
Phishing had its origins in the 1990s, when scammers used the technique to collect AOL account details so that they could gain free internet access. The details were called “phish” because they were gathered by “fishing” for users. The “ph” imitates the spelling of “phreaker”, the term for those who used to hack into the telephone network.
You should always be wary about emails that use generic salutations, e.g. “Dear Customer”, and about following links sent to you in emails. Instead, you should enter the website address in the address field and then navigate to the right page, or use a bookmark or a “Favorite” link. Even if you enter the address, there is a risk of being redirected to a bogus site (see Pharming), so you should always exercise caution.
Anti-spam software can block many phishing-related emails. Some software can detect phishing content on web pages or in email, and can provide a toolbar that shows the real domain of the website you are following a link to.
Sophos.com
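The checks described above, whether the address a link really points to belongs to the organization named in the link text and whether the mail opens with a generic salutation, can be automated. The following Python script is an added example, not code from Sophos or from the original article; the sample message, the organization domain mybank.example and the simple “last two labels” rule used to compare domains are assumptions made to keep it self-contained.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; the domains are documentation/reserved names, not a real bank.
SAMPLE_EMAIL = """\
<p>Dear Customer,</p>
<p>Please verify your account at
<a href="http://www.mybank.example.login-verify.test/secure">www.mybank.example</a>
or <a href="http://www.mybank.example@203.0.113.7/login">https://www.mybank.example/</a>.</p>
<p>Help pages: <a href="https://www.mybank.example/help">www.mybank.example/help</a></p>
<p>Your statement is at <a href="https://statements.mybank.example/">statements</a>.</p>
"""

# The organisation the mail claims to come from (assumed for this example).
ORG_DOMAIN = "mybank.example"

GENERIC_SALUTATION = re.compile(
    r"\bdear\s+(?:valued\s+)?(?:customer|user|member|client|account holder)\b", re.I)
# Visible link text that itself looks like a URL or a bare domain name.
DOMAIN_LIKE = re.compile(r"^(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:[/?#]\S*)?$", re.I)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    # Naive "last two labels" rule (assumption). Real code should consult the
    # Public Suffix List so that e.g. co.uk is handled correctly.
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def display_host(text):
    """Host named in the visible link text, or None if the text is not URL-like."""
    if not DOMAIN_LIKE.match(text):
        return None
    return urlsplit(text if "://" in text else "http://" + text).hostname


def assess_link(href, text, org_domain=ORG_DOMAIN):
    """Return the reasons (possibly none) a link looks like a phishing link."""
    findings = []
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    if parts.username is not None:
        findings.append("userinfo before host")  # http://www.bank@evil/ trick
    try:
        ipaddress.ip_address(host)
        findings.append("raw IP address as host")
        is_ip = True
    except ValueError:
        is_ip = False
    shown = display_host(text)
    if shown and registrable_domain(shown) != registrable_domain(host):
        findings.append("link text names a different domain")
    if not is_ip and registrable_domain(host) != org_domain:
        findings.append("points outside the claimed organisation")
    return findings


def assess_email(html_body, org_domain=ORG_DOMAIN):
    parser = _LinkCollector()
    parser.feed(html_body)
    parser.close()
    plain = re.sub(r"<[^>]+>", " ", html_body)
    generic = bool(GENERIC_SALUTATION.search(plain))
    links = [(href, text, assess_link(href, text, org_domain)) for href, text in parser.links]
    return {"generic_salutation": generic, "links": links,
            "suspicious": generic or any(f for _, _, f in links)}


if __name__ == "__main__":
    for href, text, findings in assess_email(SAMPLE_EMAIL)["links"]:
        print(f"{text!r:32} -> {href}\n    {findings or 'ok'}")
```

Besides the domain mismatch, the script catches two tricks that the “show the real domain” toolbar is meant to expose: a raw IP address in place of a host name, and the bank’s name placed before an @ sign so that the real host is whatever follows it.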
Wednesday, January 28, 2009
Pharming
Pharming redirects you from a legitimate website to a bogus copy, allowing criminals to steal the information you enter.
Pharming exploits the way that website addresses are resolved.
Each computer on the internet has a numerical “IP address”, e.g. 192.0.2.1. These are not easy to remember, so websites also have a domain name, like sophos.com. Every time you type in an address, the domain name has to be turned back into an IP address. A DNS (Domain Name System) server on the internet handles this, unless the “hosts” file on your own computer already maps that name, in which case the DNS server is not consulted at all.
Hackers can subvert this process in two ways. They can send out a Trojan horse that rewrites the hosts file on your PC, so that it associates the domain name with the IP address of a bogus website. You are then directed to that site, even though you enter the correct address. Alternatively, they can “poison” the DNS server’s cache, i.e. alter the stored answer so that anyone who asks that server for the address is directed to the bogus site.
To avoid pharming, make sure that you use secure web connections when you access sensitive sites: look for the https:// prefix in the web address and check that the browser reports a valid certificate for that domain. Neither a hosts-file entry nor a poisoned DNS answer gives the attacker a certificate for the real site’s name, so if a hacker mimics a secure site your browser will warn you that the site’s certificate does not match the address being visited.
If you see a warning that a site’s certificate is not valid or not issued by a trusted authority, you should not enter the site.
There are also software solutions. Some software can display a warning if you enter personal information in reply to an unknown email address. Other utilities can check whether websites or IP addresses are blacklisted.
Sophos.com
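The hosts-file attack described above is easy to audit, because the file is plain text. The following Python script is an added example, not a Sophos tool or code from the original article: it parses a constructed hosts file, flags sensitive domains that have been redirected to a routable address, and separately reports names that have been sinkholed to loopback (which blocks a site, for instance a security vendor’s update server, rather than impersonating it). The sample file content and the list of sensitive domains are assumptions.

```python
import ipaddress

# Constructed sample hosts file (not taken from any real machine). On Windows the file is
# %SystemRoot%\System32\drivers\etc\hosts; on Unix-like systems it is /etc/hosts.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.168.1.20    fileserver fileserver.corp.example   # legitimate LAN host
0.0.0.0         ads.tracker.example                  # ad-blocking style sinkhole
203.0.113.45    www.mybank.example  mybank.example   # bank redirected to a bogus server
2001:db8::15    login.webmail.example                # IPv6 redirect
127.0.0.1       www.sophos.com                       # AV vendor sinkholed
not-an-address  something.example                    # malformed line
"""

# Domains whose resolution should never be overridden locally (assumed list).
SENSITIVE_DOMAINS = {"mybank.example", "webmail.example", "sophos.com"}


def parse_hosts(text):
    """Return (ip_address, [hostnames]) for each well-formed entry, ignoring comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line; a real auditor would report it rather than skip it
        entries.append((ip, [name.lower().rstrip(".") for name in fields[1:]]))
    return entries


def is_sensitive(name, sensitive=SENSITIVE_DOMAINS):
    """True if name is a sensitive domain or any subdomain of one."""
    labels = name.split(".")
    return any(".".join(labels[i:]) in sensitive for i in range(len(labels)))


def pharming_suspects(text, sensitive=SENSITIVE_DOMAINS):
    """Return (hostname, ip, kind) for every sensitive name the hosts file overrides.

    kind is 'redirect' when the name is sent to a routable address (classic pharming)
    and 'sinkhole' when it points at loopback or 0.0.0.0, which blocks the site instead.
    """
    suspects = []
    for ip, names in parse_hosts(text):
        for name in names:
            if not is_sensitive(name, sensitive):
                continue
            kind = "sinkhole" if (ip.is_loopback or ip.is_unspecified) else "redirect"
            suspects.append((name, str(ip), kind))
    return suspects


if __name__ == "__main__":
    for name, ip, kind in pharming_suspects(SAMPLE_HOSTS):
        print(f"{kind:9} {name:28} -> {ip}")
```

Point the script at the real file and your own list of domains, and compare its output with what the DNS server returns for the same names; any difference is exactly the condition the text describes.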
Tuesday, January 27, 2009
Parasitic viruses
Parasitic viruses, also known as file viruses, spread by attaching themselves to programs.
When you start a program infected with a parasitic virus, the virus code is run. To hide itself, the virus then passes control back to the original program.
The operating system on your computer sees the virus as part of the program you were trying to run and gives it the same rights. These rights allow the virus to copy itself, install itself in memory or make changes on your computer.
Parasitic viruses appeared early in virus history but they can still pose a threat.
Sophos.com
Monday, January 26, 2009
Palmtop viruses
Palmtops or PDAs provide new opportunities for viruses, but so far virus writers have shown little interest.
Palmtops or PDAs run special operating systems – such as Palm and Microsoft PocketPC. These are vulnerable to malicious code, but so far the risks are low.
There are currently only a few items of known malware written for Palm.
Virus writers prefer to target desktop systems, perhaps because they are more popular and allow viruses to spread rapidly via email and the internet.
The real risk at present is that your palmtop will act as a carrier. When you connect it to a home or office PC to synchronize data, a virus that is harmless on the palmtop could spread to the PC, where it can do harm. To avoid this risk, follow our tips on How to avoid viruses, Trojans, worms and spyware and always run anti-virus software on your desktop computer.
Sunday, January 25, 2009
Page-jacking
Page-jacking is the use of replicas of reputable web pages to catch users and redirect them to other websites.
Scammers copy pages from an established website and put them on a new site that appears to be legitimate. They register this new site with major search engines, so that users doing a search find and follow links to it. When the user arrives at the website, they are automatically redirected to a different site that displays advertising or offers of different services. They may also find that they cannot escape from the site without restarting their computer (see Mousetrapping).
Scammers use page-jacking to increase the number of visitors to a website. That means that their site commands more advertising revenue and is also more valuable if they decide to sell it. Alternatively, the scammer can redirect users to another site and claim a fee for “referring” visitors to that site.
Page-jacking annoys users and can confront them with offensive material. It also reduces revenue for legitimate websites, and makes search engines less useful.
In some cases, page-jacking is used in phishing attacks.
To avoid page-jacking, use a bookmark or “Favorite” (but you must be sure that you did not set up the favorite at a page-jacked site), or type the desired website address (the URL) in directly.
Sophos.com
Saturday, January 24, 2009
Obfuscated spam
Obfuscated spam is email that has been disguised in an attempt to fool anti-spam software.
Spammers are constantly trying to find ways to modify or conceal their messages so that your anti-spam software can’t read them, but you can.
The simplest example of this “obfuscation” is putting spaces between the letters of words, hoping that anti-spam software will not read the letters as one word, for example
V I A G R A
Another common technique is to use misspellings or non-standard characters, for example
V!agra
These tricks are easily detected.
More advanced techniques exploit the use of HTML code (normally used for writing web pages) in email. This allows the spammer to write messages that anti-spam software “sees” quite differently from the way you see them.
For example, words can be written using numerical HTML character codes for each letter, e.g. instead of “Viagra” the spammer can write
&#86;&#105;&#97;&#103;&#114;&#97;
which your mail client renders as “Viagra”.
HTML can also allow the reader to see one message while the anti-spam software sees another, more innocent one: the innocent text is written in the same color as the background. For example, the reader sees only
Viagra
while the filter also reads the invisible
Hi, Johnny! It was nice to have dinner with you.
Spammers often include large amounts of hidden text, often cut from online reference books, to try to fool anti-spam software that assesses mail according to the frequency of certain key words.
Sophos.com
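The common thread in the tricks above is that the filter and the reader see different text, so a filter has to normalize a message to what the reader actually sees before it matches keywords. The following Python code is an added example, not a Sophos product or code from the original article: it splits an HTML mail into “visible” text and text drawn in the background color, decodes numeric character codes, collapses spaced-out letters and undoes common symbol-for-letter substitutions. The sample messages, the keyword list and the substitution table are constructed for the example.

```python
import re
from html.parser import HTMLParser

# Constructed sample messages (not real spam). Each shows one trick from the text above.
SAMPLES = {
    "spaced":   "Buy V I A G R A now",
    "leet":     "Cheap V!agra and v1agra online",
    "entities": "Order &#86;&#105;&#97;&#103;&#114;&#97; today",
    "hidden":   '<p>Viagra</p><p style="color:#FFFFFF">Hi, Johnny! It was nice to have dinner with you.</p>',
    "bgcolor":  '<body bgcolor="white">Viagra<font color="white">Hi, Johnny!</font></body>',
    "clean":    "Hi, Johnny! It was nice to have dinner with you.",
}

KEYWORDS = {"viagra"}  # assumed watch-list; a real filter has many more terms

WHITE = {"white", "#fff", "#ffffff", "rgb(255,255,255)", "rgb(255, 255, 255)"}
# Symbols commonly substituted for letters inside a word (assumed, not exhaustive).
LEET = str.maketrans("!1|0@43$5", "iiioaaess")
LEET_IN_WORD = re.compile(r"(?<=[a-z])[!1|0@43$5]+(?=[a-z])")
# Single letters separated by spaces or punctuation, e.g. "v i a g r a" or "v.i.a.g.r.a".
SPACED = re.compile(r"\b(?:[a-z][ .\-_*]){2,}[a-z]\b")
STYLE_COLOR = re.compile(r"(?<![\w-])color\s*:\s*([^;]+)", re.I)


def _norm_color(value):
    v = value.strip().lower()
    return "#ffffff" if v in WHITE else v


class _Views(HTMLParser):
    """Split an HTML mail into the text a reader sees and text drawn in the background color."""

    def __init__(self, background="#ffffff"):
        super().__init__()  # convert_charrefs=True decodes &#86; etc., as a mail client would
        self.background = _norm_color(background)
        self.visible, self.hidden = [], []
        self._stack = []
        self._hidden_depth = 0

    def _color_of(self, attrs):
        for name, value in attrs:
            if value is None:
                continue
            if name == "color":
                return _norm_color(value)
            if name == "style":
                m = STYLE_COLOR.search(value)
                if m:
                    return _norm_color(m.group(1))
        return None

    def handle_starttag(self, tag, attrs):
        if tag == "body":
            for name, value in attrs:
                if name == "bgcolor" and value:
                    self.background = _norm_color(value)
        hidden = self._color_of(attrs) == self.background
        self._stack.append((tag, hidden))
        self._hidden_depth += hidden

    def handle_endtag(self, tag):
        while self._stack:  # pop to the matching open tag, tolerating sloppy spam HTML
            open_tag, hidden = self._stack.pop()
            self._hidden_depth -= hidden
            if open_tag == tag:
                break

    def handle_data(self, data):
        (self.hidden if self._hidden_depth else self.visible).append(data)


def normalize(text):
    """Undo spacing and symbol tricks so 'V I A G R A' and 'V!agra' both become 'viagra'."""
    text = text.lower()
    text = SPACED.sub(lambda m: re.sub(r"[ .\-_*]", "", m.group(0)), text)
    text = LEET_IN_WORD.sub(lambda m: m.group(0).translate(LEET), text)
    return re.sub(r"\s+", " ", text).strip()


def analyse(message, keywords=KEYWORDS):
    views = _Views()
    views.feed(message)
    views.close()
    visible = normalize("".join(views.visible))
    hidden = normalize("".join(views.hidden))
    hits = sorted(k for k in keywords if k in visible)
    return {"visible": visible, "hidden_chars": len(hidden), "hits": hits, "flagged": bool(hits)}


if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        r = analyse(msg)
        print(f"{name:9} flagged={r['flagged']!s:5} hidden={r['hidden_chars']:3} visible={r['visible']!r}")
```

The amount of hidden text is reported separately: a large block of invisible filler is itself a strong spam indicator, which is why the keyword match is run only over what the reader would see.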
Friday, January 23, 2009
Mousetrapping
Mousetrapping prevents you from leaving a website.
If you are redirected to a bogus website, you may find that you cannot quit with the back or close buttons. In some cases, entering a new web address does not enable you to escape either.
The site that mousetraps you will either not allow you to visit another address, or will open another browser window displaying the same site. Some mousetraps let you quit after a number of attempts, but others do not.
To escape, use a bookmark or “Favorite”, or open the list of recently-visited addresses and select the next-to-last. You can also press Ctrl+Alt+Del and use the Task Manager to shut down the browser or, if that fails, restart the computer.
To reduce the risk of mousetrapping, you can disable JavaScript in your internet browser. This prevents you from being trapped at sites that use scripts to do so, but it also affects the look and feel of websites.
Thursday, January 22, 2009
Mobile phone viruses
Mobiles can be infected by worms that spread themselves via the mobile phone network.
In 2004, the first mobile phone worm was written. The Cabir-A worm affects phones that use the Symbian operating system, and is transmitted as a telephone game file (a SIS file). If you launch the file, a message appears on the screen, and the worm is run each time you turn the phone on thereafter. Cabir-A searches for other mobile phones nearby using Bluetooth technology, and sends itself to the first it finds.
There are also conventional viruses that send messages to mobile phones. For example, Timo-A uses computer modems to send text (SMS) messages to selected mobile numbers, but in cases like these the virus can’t infect or harm the mobile phone.
Until now, the risks for mobile phones have been few. The reason could be that they use many different operating systems, and that the software and device characteristics change so rapidly.
Wednesday, January 21, 2009
Internet worms
Worms are programs that create copies of themselves and spread via internet connections.
Worms differ from computer viruses because they propagate themselves, rather than using a carrier program or file. They simply create exact copies of themselves and use communication between computers to spread.
Internet worms can travel between connected computers by exploiting security “holes” in the computer’s operating system. The Blaster worm, for example, takes advantage of a weakness in the Remote Procedure Call service that runs on unpatched Windows NT, 2000 and XP computers and uses it to send a copy of itself to another computer.
Many viruses, such as MyDoom or Bagle, now behave like worms and use email to forward themselves.
A worm can have malicious effects. For example, it may use affected computers to deluge websites with requests or data, causing them to crash (a “denial-of-service” attack). Alternatively, it can encrypt a user’s files and make them unusable. In either case, companies can be blackmailed.
Many worms open a “back door” on the computer, allowing hackers to take control of it. Such computers can then be used to send spam mail (see Zombie).
Quite apart from such effects, the network traffic generated by a fast-spreading worm can slow down communications. The Blaster worm, for example, creates a lot of traffic on the internet as it spreads, slowing down communications or causing computers to crash. Later it uses the affected computer to bombard a Microsoft website with data, with the aim of making it inaccessible.
Microsoft (and other operating system vendors) issue patches to fix security loopholes in their software. You should update your computer regularly by visiting the vendor’s website or enabling automatic updates.
Tuesday, January 20, 2009
Email viruses
Many of the most prolific viruses distribute themselves automatically by email.
Typically, email-aware viruses depend on the user double-clicking on an attachment. This runs the malicious code, which then mails itself to other people from that computer. The Netsky virus, for example, searches the computer for files that may contain email addresses, and then uses the email client on your computer to send itself to those addresses. Some viruses, like Sobig-F, don’t even need to use your email client; they include their own “SMTP engine” for constructing and sending the email messages.
Any attachment that you receive by email could carry a virus, and launching such an attachment can infect your computer.
Even an attachment that appears to be a safe type of file, e.g. a file with a .txt extension, can pose a threat. That file may be a malicious VBS script whose real file type (.vbs) is hidden from view: a name such as readme.txt.vbs is shown as readme.txt when Windows hides extensions for known file types, which is the default setting.
Some viruses, such as Kakworm and Bubbleboy, can infect users as soon as they read email, exploiting a vulnerability in the operating system or mail program. They look like any other message but contain a hidden script that runs as soon as you open the email, or even view it in the preview pane (if you are using Outlook with a vulnerable version of Internet Explorer). This script can change system settings and send the virus to other users via email.
Email viruses may compromise your computer’s security or steal data, but their most common effect is to create excessive email traffic and crash servers.
To avoid email viruses, you should run anti-virus software and avoid opening unexpected attachments. You should also install the patches issued by software vendors, as these close the vulnerabilities exploited by email viruses.
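The hidden-extension trick in the paragraph on .txt attachments is mechanical and can be checked at the mail gateway before the user ever sees the attachment. The Python below is an added example, not code from Sophos or from the original article: it reproduces what Explorer displays when known extensions are hidden and flags names whose displayed type differs from the type Windows would actually execute. The extension lists and the sample attachment names are assumptions.

```python
# Extensions Windows executes when double-clicked (assumed list, not exhaustive).
EXECUTABLE_EXT = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "vbe", "js", "jse",
                  "wsf", "wsh", "hta", "lnk", "msi", "ps1", "jar"}
# Registered types whose extension Explorer hides when "Hide extensions for known file
# types" is on (the default). Executables are registered types too (assumed list).
HIDDEN_KNOWN_EXT = {"txt", "pdf", "doc", "xls", "ppt", "jpg", "jpeg", "gif", "png", "zip",
                    "htm", "html", "mp3", "avi", "rtf"} | EXECUTABLE_EXT

# Constructed sample attachment names (not from a real mailbox).
SAMPLE_ATTACHMENTS = ["readme.txt.vbs", "holiday.jpg", "photos.jpg.exe", "invoice.pdf",
                      "setup.exe", "Notes.TXT.VBS", "archive.zip", "README"]


def as_displayed(name):
    """Name as Explorer shows it with known extensions hidden: the last extension vanishes."""
    stem, dot, ext = name.rpartition(".")
    return stem if dot and ext.lower() in HIDDEN_KNOWN_EXT else name


def assess_attachment(name):
    """Return the reasons an attachment name is risky (empty list if none)."""
    findings = []
    _, dot, real_ext = name.rpartition(".")
    real_ext = real_ext.lower() if dot else ""
    if real_ext in EXECUTABLE_EXT:
        findings.append(f"executable type .{real_ext}")
        shown = as_displayed(name)
        _, shown_dot, shown_ext = shown.rpartition(".")
        # The user sees a harmless-looking type while Windows runs something else.
        if shown_dot and shown_ext.lower() in HIDDEN_KNOWN_EXT and shown_ext.lower() != real_ext:
            findings.append(f"displays as {shown!r} (.{shown_ext.lower()}) but runs as .{real_ext}")
    return findings


def risky_attachments(names):
    """Names from the list that carry at least one finding, in their original order."""
    return [n for n in names if assess_attachment(n)]


if __name__ == "__main__":
    for name in SAMPLE_ATTACHMENTS:
        print(f"{name:18} shown as {as_displayed(name)!r:16} {assess_attachment(name) or 'ok'}")
```

Note that the check is on what Windows would execute, not on what the name suggests: a file called report.exe.txt is harmless in this respect, while Notes.TXT.VBS is flagged regardless of case.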
Monday, January 19, 2009
Document viruses
Document or “macro” viruses take advantage of macros: commands that are embedded in files and run automatically.
Many applications, such as word processing and spreadsheet programs, use macros. A macro virus is a macro program that can copy itself and spread from one file to another. If you open a file that contains a macro virus, the virus copies itself into the application’s startup files. The computer is now infected.
When you next open a file using the same application, the virus infects that file. If your computer is on a network, the infection can spread rapidly: when you send an infected file to someone else, they can become infected too. A malicious macro can also make changes to your documents or settings.
Macro viruses infect files used in most offices, and some can infect several file types, such as Word and Excel files. They can also spread to any platform on which their host application runs.
Macro viruses first appeared in the mid-1990s and rapidly became the most serious virus threat of that time. Few viruses of this type are seen now.
Sunday, January 18, 2009
Dialers
Dialers change the number used for dial-up internet access to a premium-rate number.
Dialers are not always malicious. Legitimate companies that offer downloads or games may expect you to use a premium-rate line to access their services. A pop-up prompts you to download the dialer and tells you how much calls will cost.
Other dialers may install themselves without your knowledge when you click on a pop-up message (for example, a message warning you about a virus on your computer and offering a solution). These do not offer access to any special services – they simply divert your connection so that you access the internet via a premium-rate number.
Broadband users are usually safe, even if a dialer installs itself. This is because broadband doesn’t use regular phone numbers, and because broadband users don’t usually have a dial-up modem connected.
Anti-virus software can detect and eliminate Trojan horse programs that install dialers.
Sophos.com
Saturday, January 17, 2009
Denial-of-service attack
A denial-of-service (DoS) attack prevents users from accessing a computer or website.
In a DoS attack, a hacker attempts to overload or shut down a computer, so that legitimate users can no longer access it. Typical DoS attacks target web servers and aim to make websites unavailable. No data is stolen or compromised, but the interruption to the service can be costly for a company.
The most common type of DoS attack involves sending more traffic to a computer than it can handle. Rudimentary methods include sending outsized data packets or sending email attachments with names that are longer than permitted by the mail programs.
An attack can also exploit the way that a “session” of communications is established when a user first contacts the computer. If the hacker sends many requests for a connection rapidly and then fails to respond to the reply, the bogus requests are left in a buffer for a while. Genuine users’ requests cannot be processed, so that they can’t contact the computer.
Another method is to send an “IP ping” message (message requiring a response from other computers) that appears to come from the victim’s computer. The message goes out to a large number of computers, which all try to respond. The victim is flooded with replies and the computer can no longer handle genuine traffic.
A distributed denial-of-service attack uses numerous computers to launch the attack. Typically, hackers use a virus or Trojan to open a “back door” on other people’s computers and take control of them. These “zombie” computers can be used to launch a coordinated denial-of-service attack.
See Backdoor Trojans, Zombies.
Sophos.com
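Detection of the half-open “session” build-up the entry describes, as an added example that is not part of the Sophos text; the handshake log format and the addresses in it are constructed.

```python
"""Spot a backlog of unfinished connection requests in a handshake log.

Added example, not part of the Sophos text. A server records one line per
handshake step it sees: "<seconds> <client> <server:port> <step>", where step
is SYN (a connection request) or ACK (the client completed the handshake).
The log below is constructed for illustration."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List

SAMPLE_LOG = """\
0.00 10.0.0.5      192.0.2.10:80  SYN
0.01 10.0.0.5      192.0.2.10:80  ACK
0.02 198.51.100.21 192.0.2.10:80  SYN
0.03 198.51.100.22 192.0.2.10:80  SYN
0.03 198.51.100.23 192.0.2.10:80  SYN
0.04 198.51.100.24 192.0.2.10:80  SYN
0.04 198.51.100.25 192.0.2.10:80  SYN
0.05 198.51.100.26 192.0.2.10:80  SYN
0.05 198.51.100.27 192.0.2.10:80  SYN
0.06 198.51.100.28 192.0.2.10:80  SYN
0.50 10.0.0.8      192.0.2.20:443 SYN
0.51 10.0.0.8      192.0.2.20:443 ACK
2.00 10.0.0.9      192.0.2.10:80  SYN
2.01 10.0.0.9      192.0.2.10:80  ACK
2.05 10.0.0.11     192.0.2.10:80  SYN
"""


@dataclass(frozen=True)
class Event:
    time: float
    client: str
    server: str
    step: str


def parse_log(text: str) -> List[Event]:
    events = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        t, client, server, step = line.split()
        events.append(Event(float(t), client, server, step))
    return events


def stale_half_open(events: List[Event], timeout: float = 1.0) -> Dict[str, int]:
    """Per server, count requests left waiting at least `timeout` seconds
    without the client ever completing the handshake."""
    pending = {}                          # (client, server) -> time of the SYN
    stale: Dict[str, int] = defaultdict(int)
    for ev in sorted(events, key=lambda e: e.time):
        key = (ev.client, ev.server)
        if ev.step == "SYN":
            pending[key] = ev.time
        elif ev.step == "ACK":
            pending.pop(key, None)        # handshake finished, slot released
    end = max(ev.time for ev in events) if events else 0.0
    for (_, server), t in pending.items():
        if end - t >= timeout:            # still occupying a slot long after
            stale[server] += 1
    return dict(stale)


def completion_ratio(events: List[Event]) -> Dict[str, float]:
    """Fraction of requests per server that reached a completed handshake;
    a sharp drop in this ratio is what an operator would alarm on."""
    syns, acks = Counter(), Counter()
    for ev in events:
        (syns if ev.step == "SYN" else acks)[ev.server] += 1
    return {s: acks[s] / syns[s] for s in syns}


def servers_under_flood(events: List[Event], threshold: int = 5,
                        timeout: float = 1.0) -> List[str]:
    """Servers whose backlog of unfinished requests reaches the threshold."""
    counts = stale_half_open(events, timeout)
    return sorted(s for s, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("stale half-open:", stale_half_open(evs))
    print("completion ratio:", completion_ratio(evs))
    print("flooded:", servers_under_flood(evs))
```

Eight requests from distinct sources never complete while the two genuine clients do, so only the web server is flagged; the request at 2.05 is recent and is not counted.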
Cookies
Cookies are files on your computer that enable websites to remember your details.
When you visit a website, it can place a file called a cookie on your computer. This enables the website to remember your details and track your visits. Cookies can be a threat to confidentiality, but not to your data.
Cookies were designed to be helpful. For example, if you submit your ID when you visit a website, a cookie can store this data, so that you don’t have to re-enter it next time. Cookies also have benefits for webmasters, as they show which web pages are well-used, providing useful input when planning a redesign of the site.
Cookies are small text files and cannot harm your data. However, they can compromise your confidentiality. Cookies can be stored on your computer without your knowledge or consent, and they contain information about you in a form you can’t access easily. And when you revisit the same website, this data is passed back to the web server, again without your consent.
Websites gradually build up a profile of your browsing behavior and interests. This information can be sold or shared with other sites, allowing advertisers to match ads to your interests, ensure that consecutive ads are displayed as you visit different sites, and track the number of times you have seen an ad.
If you prefer to remain anonymous, use the security settings on your internet browser to disable cookies.
Sophos.com
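A worked illustration of how cookies are stored and then handed back on later visits, added here and not part of the Sophos text; the hosts, headers and dates are constructed, and `site_of` is an assumption that approximates a site by the last two labels of its host name.

```python
"""Parse Set-Cookie headers and replay which cookies a browser would return.

Added example, not part of the Sophos text. Hosts, headers and dates below
are constructed; site_of() is a simplification made for this example."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
from typing import List, Optional


@dataclass
class Cookie:
    name: str
    value: str
    domain: str                  # hosts the cookie is returned to (no leading dot)
    host_only: bool              # no Domain attribute: exact-host match only
    path: str
    expires: Optional[datetime]  # None means a session cookie
    secure: bool
    set_by: str                  # host whose response carried the header


def parse_set_cookie(header: str, response_host: str, now: datetime) -> Cookie:
    """Parse one Set-Cookie value (RFC 6265 attribute handling, simplified)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    host = response_host.lower()
    c = Cookie(name.strip(), value.strip(), host, True, "/", None, False, host)
    max_age = None
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "domain" and val:
            c.domain, c.host_only = val.lstrip(".").lower(), False
        elif key == "path" and val.startswith("/"):
            c.path = val
        elif key == "expires" and val:
            c.expires = parsedate_to_datetime(val)
            if c.expires.tzinfo is None:
                c.expires = c.expires.replace(tzinfo=timezone.utc)
        elif key == "max-age" and val.lstrip("-").isdigit():
            max_age = int(val)
        elif key == "secure":
            c.secure = True
    if max_age is not None:              # Max-Age takes precedence over Expires
        c.expires = now + timedelta(seconds=max_age)
    return c


def domain_matches(host: str, domain: str) -> bool:
    return host == domain or host.endswith("." + domain)


def site_of(host: str) -> str:
    # Assumption for this example: a site is the last two labels of the host.
    # Browsers use the Public Suffix List to do this properly.
    return ".".join(host.split(".")[-2:])


def is_third_party(c: Cookie, page_host: str) -> bool:
    """True when a site other than the one being visited set the cookie."""
    return site_of(c.set_by) != site_of(page_host)


def cookies_for_request(jar: List[Cookie], host: str, path: str,
                        now: datetime, https: bool = True) -> List[str]:
    """Names of stored cookies a browser would attach to this later request."""
    host, sent = host.lower(), []
    for c in jar:
        if c.expires is not None and c.expires <= now:
            continue                                       # expired
        if c.host_only and host != c.domain:
            continue
        if not c.host_only and not domain_matches(host, c.domain):
            continue
        if not (path == c.path or path.startswith(c.path.rstrip("/") + "/")):
            continue
        if c.secure and not https:
            continue
        sent.append(c.name)
    return sent


def close_browser(jar: List[Cookie]) -> List[Cookie]:
    """Simulate a browser restart: session cookies are discarded."""
    return [c for c in jar if c.expires is not None]


def tracking_cookies(jar: List[Cookie], page_host: str, now: datetime) -> List[str]:
    """Live persistent cookies set by other sites: the profile-building kind."""
    return [c.name for c in jar if c.expires is not None and c.expires > now
            and is_third_party(c, page_host)]


NOW = datetime(2025, 1, 15, 12, 0, tzinfo=timezone.utc)
PAGE_HOST = "www.shop.example"
SAMPLE_HEADERS = [   # constructed: (host that sent the response, header value)
    ("www.shop.example", "sessionid=abc123; Path=/; Secure; HttpOnly"),
    ("www.shop.example", "prefs=lang%3Den; Max-Age=2592000; Path=/"),
    ("ads.tracker-net.example", "uid=7f3a9c; Domain=.tracker-net.example; "
                                "Path=/; Expires=Wed, 21 Oct 2026 07:28:00 GMT"),
    ("ads.tracker-net.example", "tmp=1; Max-Age=0"),      # immediate deletion
]


def build_jar(headers=SAMPLE_HEADERS, now=NOW) -> List[Cookie]:
    return [parse_set_cookie(h, host, now) for host, h in headers]


def days_after(n: int) -> datetime:
    return NOW + timedelta(days=n)
```

After a browser restart and a month away, the shop's own cookies are gone but the advertiser's `uid` is still returned to any host under its domain, which is the cross-site profile the entry warns about.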
Friday, January 16, 2009
Chain letters
An electronic chain letter is an email that urges you to forward copies to other people.
Chain letters, like virus hoaxes, depend on you, rather than on computer code, to propagate themselves. The main types are:
• Hoaxes about terrorist attacks, premium-rate phone line scams, thefts from ATMs and so forth.
• False claims that companies are offering free flights, free mobile phones, or cash rewards if you forward email.
• Messages, which purport to be from agencies like the CIA and FBI, warning about dangerous criminals in your area.
• Petitions. Even if genuine, they continue to circulate long after their expiry date.
• Jokes and pranks, e.g. the claim that the internet would be closed for maintenance on 1 April.
Chain letters don’t threaten your security, but they can waste time, spread misinformation and distract users from genuine email.
They can also create unnecessary email traffic and slow down mail servers. In some cases the chain letter encourages people to send email to certain addresses, so that these are deluged with unsolicited mail.
The solution to the chain letter problem is simple: don’t forward such mail.
Sophos.com
Thursday, January 15, 2009
Browser hijackers
Browser hijackers change the default home and search pages in your internet browser.
Some websites run a script that changes the settings in your browser without your permission. This hijacker can add shortcuts to your “Favorites” folder or, more seriously, can change the page that is first displayed when you open the browser.
You may find that you cannot change your browser’s start page back to your chosen site. Some hijackers edit the Windows registry so that the hijacked settings are restored every time you restart your computer. Others remove options from the browser’s tools menu, so that you can’t reset the start page.
In every case, the intention is the same: to force you to visit a website. This inflates the number of “hits” and the site’s ranking with search engines, which boosts the advertising revenue that the site can earn.
Browser hijackers can be very tenacious. Some can be removed automatically by security software. Others may need to be removed manually. In some cases, it is easier to restore the computer to an earlier state or reinstall the operating system.
Sophos.com
Wednesday, January 14, 2009
Boot sector viruses
Boot sector viruses spread by modifying the program that enables your computer to start up.
When you switch on a computer, the hardware looks for the boot sector program – which is usually on the hard disk, but can be on a floppy disk or CD – and runs it. This program then loads the rest of the operating system into memory.
A boot sector virus replaces the original boot sector with its own, modified version (and usually hides the original somewhere else on the hard disk). When you next start up, the infected boot sector is used and the virus becomes active.
You can only become infected if you boot up your computer from an infected disk, e.g. a floppy disk that has an infected boot sector.
Boot sector viruses were the first type of virus to appear, and they are mostly quite old. They are rarely encountered today.
Sophos.com
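An integrity check for the boot sector swap the entry describes, added here and not part of the Sophos text: it hashes the 446-byte boot code of a 512-byte master boot record and compares it, and the partition table, against a baseline recorded from a clean machine. The sectors are constructed; a real check would read the first sector of the disk.

```python
"""Compare a boot sector (MBR) against a known-good baseline.

Added example, not part of the Sophos text. A boot sector virus swaps the
boot code but leaves the partition table alone so the disk still works, so
the boot code's hash changing while the table stays put is the tell-tale
pattern. All sectors below are constructed."""
import hashlib
import struct
from dataclasses import dataclass
from typing import List

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446              # bytes 0..445: the program the BIOS runs
PT_OFFSET, PT_ENTRY = 446, 16    # four 16-byte partition entries follow
SIGNATURE = b"\x55\xaa"          # bytes 510..511 mark a valid boot sector


@dataclass(frozen=True)
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


def parse_partitions(sector: bytes) -> List[Partition]:
    """Decode the partition table; slots with type 0 are unused."""
    parts = []
    for i in range(4):
        off = PT_OFFSET + i * PT_ENTRY
        status, _, type_id, _, lba, count = struct.unpack(
            "<B3sB3sII", sector[off:off + PT_ENTRY])
        if type_id != 0:
            parts.append(Partition(status == 0x80, type_id, lba, count))
    return parts


def boot_code_hash(sector: bytes) -> str:
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def check_boot_sector(sector: bytes, baseline_hash: str,
                      baseline_parts: List[Partition]) -> List[str]:
    """Return findings; an empty list means the sector matches the baseline."""
    if len(sector) != SECTOR_SIZE:
        return [f"unexpected sector length {len(sector)}"]
    findings = []
    if sector[510:512] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if boot_code_hash(sector) != baseline_hash:
        findings.append("boot code differs from known-good baseline")
    if parse_partitions(sector) != baseline_parts:
        findings.append("partition table differs from baseline")
    return findings


def build_sector(boot_code: bytes, parts: List[Partition]) -> bytes:
    """Assemble a 512-byte MBR from boot code and up to four partitions."""
    table = b"".join(struct.pack("<B3sB3sII", 0x80 if p.bootable else 0,
                                 b"\0\0\0", p.type_id, b"\0\0\0",
                                 p.lba_start, p.sector_count) for p in parts)
    table = table.ljust(4 * PT_ENTRY, b"\0")
    code = boot_code.ljust(BOOT_CODE_LEN, b"\0")[:BOOT_CODE_LEN]
    return code + table + SIGNATURE


# Constructed sample data: a "clean" loader and a swapped-in "infected" one
# that keeps the same partition table.
CLEAN_PARTS = [Partition(True, 0x83, 2048, 1_048_576)]
CLEAN_CODE = b"\xeb\x3c\x90" + b"constructed clean boot loader"
VIRUS_CODE = b"\xeb\x3c\x90" + b"constructed infected boot loader"
CLEAN_MBR = build_sector(CLEAN_CODE, CLEAN_PARTS)
INFECTED_MBR = build_sector(VIRUS_CODE, CLEAN_PARTS)
BASELINE_HASH = boot_code_hash(CLEAN_MBR)     # recorded on the clean machine


if __name__ == "__main__":
    for label, mbr in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        print(label, check_boot_sector(mbr, BASELINE_HASH, CLEAN_PARTS) or "OK")
```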
Tuesday, January 13, 2009
Bluesnarfing
Bluesnarfing is the theft of data from a Bluetooth phone.
Like Bluejacking, Bluesnarfing depends on the ability of Bluetooth-enabled devices to detect and contact others nearby.
In theory, a Bluetooth user running the right software on their laptop can discover a nearby phone, connect to it without your confirmation, and download your phonebook, pictures of contacts and calendar.
Your mobile phone’s serial number can also be downloaded and used to clone the phone.
You should turn off Bluetooth or set it to “undiscoverable”. The undiscoverable setting allows you to continue using Bluetooth products like headsets, but means that your phone is not visible to others.
Sophos.com
Monday, January 12, 2009
Bluejacking
Bluejacking is sending anonymous, unwanted messages to other users with Bluetooth-enabled mobile phones or laptops.
Bluejacking depends on the ability of Bluetooth phones to detect and contact other Bluetooth devices nearby. The Bluejacker uses a feature originally intended for exchanging contact details or “electronic business cards”. He or she adds a new entry in the phone’s address book, types in a message, and chooses to send it via Bluetooth. The phone searches for other Bluetooth phones and, if it finds one, sends the message.
Despite its name, Bluejacking is essentially harmless. The Bluejacker does not steal personal information or take control of your phone.
Bluejacking can be a problem if it is used to send obscene or threatening messages or images, or to send advertising. If you want to avoid such messages, you can turn off Bluetooth, or set it to “undiscoverable”.
Bluetooth-enabled devices may also be at risk from the more serious Bluesnarfing.
Sophos.com
Sunday, January 11, 2009
Backdoor Trojans
A backdoor Trojan allows someone to take control of another user’s computer via the internet without their permission.
A backdoor Trojan may pose as legitimate software, just as other Trojan horse programs do, so that users run it. Alternatively – as is now increasingly common – users may allow Trojans onto their computer by following a link in spam mail.
Once the Trojan is run, it adds itself to the computer’s startup routine. It can then monitor the computer until the user is connected to the internet. When the computer goes online, the person who sent the Trojan can perform many actions – for example, run programs on the infected computer, access personal files, modify and upload files, track the user’s keystrokes, or send out spam mail.
Well-known backdoor Trojans include Subseven, BackOrifice and, more recently, Graybird, which was disguised as a fix for the notorious Blaster worm.
To avoid backdoor Trojans, you should keep your computers up to date with the latest patches (to close down vulnerabilities in the operating system), and run anti-spam and anti-virus software. You should also run a firewall, which can prevent Trojans from accessing the internet to make contact with the hacker.
Sophos.com
Saturday, January 10, 2009
Adware
Adware is software that displays advertisements on your computer.
Adware, or advertising-supported software, displays advertising banners or pop-ups on your computer when you use the application. This is not necessarily a bad thing. Such advertising can fund the development of useful software, which is then distributed free (for example, the Opera web browser).
However, adware becomes a problem if it:
• installs itself on your computer without your consent
• installs itself in applications other than the one it came with and displays advertising when you use those applications
• hijacks your web browser in order to display more ads (see Browser hijackers)
• gathers data on your web browsing without your consent and sends it to others via the internet (see Spyware)
• is designed to be difficult to uninstall.
Adware can slow down your PC. It can also slow down your internet connection by downloading advertisements. Sometimes programming flaws in the adware can make your computer unstable.
Advertising pop-ups can also distract you and waste your time if they have to be closed before you can continue using your PC.
Some anti-virus programs detect adware and report it as “potentially unwanted applications”. You can then either authorize the adware program or remove it from the computer. There are also dedicated programs for detecting adware.
Sophos.com
Friday, January 9, 2009
Virus timeline
When did viruses, Trojans and worms begin to pose a threat? Most histories of viruses start with the Brain virus, written in 1986. That was just the first virus for a Microsoft PC, though. Programs with all the characteristics of viruses date back much further. Here’s a timeline showing key moments in virus history.
Sophos.com
1949 Self-reproducing “cellular automata”:
John von Neumann, the father of cybernetics, published a paper suggesting that a computer program could reproduce itself.
1959 Core Wars:
H Douglas McIlroy, Victor Vysottsky, and Robert P Morris of Bell Labs developed a computer game called Core Wars, in which programs called organisms competed for computer processing time.
1960 “Rabbit” programs:
Programmers began to write placeholders for mainframe computers. If no jobs were waiting, these programs added a copy of themselves to the end of the queue. They were nicknamed “rabbits” because they multiplied, using up system resources.
1971 The first worm:
Bob Thomas, a developer working on ARPANET, a precursor to the internet, wrote a program called Creeper that passed from computer to computer, displaying a message.
1975 Replicating code:
A K Dewdney wrote Pervade as a sub-routine for a game run on computers using the UNIVAC 1100 system. When any user played the game, it silently copied the latest version of itself into every accessible directory, including shared directories, consequently spreading throughout the network.
1978 The Vampire worm:
John Shoch and Jon Hupp at Xerox PARC began experimenting with worms designed to perform helpful tasks. The Vampire worm was idle during the day, but at night it assigned tasks to under-used computers.
1981 Apple virus:
Joe Dellinger, a student at Texas A&M University, modified the operating system on Apple II diskettes so that it would behave as a virus. As the virus had unintended side-effects, it was never released, but further versions were written and allowed to spread.
1982 Apple virus with side effects:
Rich Skrenta, a 15-year-old, wrote Elk Cloner for the Apple II operating system. Elk Cloner ran whenever a computer was started from an infected floppy disk, and would infect any other floppy put into the disk drive. It displayed a message every 50 times the computer was started.
1985 Mail Trojan:
The EGABTR Trojan horse was distributed via mailboxes, posing as a program designed to improve graphics display. However, once run, it deleted all files on the hard disk and displayed a message.
1986 The first virus for IBM PCs:
The first virus for IBM PCs, Brain, was allegedly written by two brothers in Pakistan, when they noticed that people were copying their software. The virus put a copy of itself and a copyright message on any floppy disk copies their customers made.
1987 The Christmas tree worm:
This was an email Christmas card that included program code. If the user ran it, it drew a Christmas tree as promised, but also forwarded itself to everyone in the user’s address book. The traffic paralyzed the IBM worldwide network.
1988 The Internet Worm:
Robert Morris, a 23-year-old student, released a worm on the US DARPA internet. It spread to thousands of computers and, due to an error, kept re-infecting computers many times, causing them to crash.
1989 Trojan demands ransom:
The AIDS Trojan horse came on a floppy disk that offered information about AIDS and HIV. The Trojan encrypted the computer’s hard disk and demanded payment in exchange for the password.
1991 The first polymorphic virus:
Tequila was the first widespread polymorphic virus. Polymorphic viruses make detection difficult for virus scanners by changing their appearance with each new infection.
1992 The Michelangelo panic:
The Michelangelo virus was designed to erase computer hard disks each year on March 6 (Michelangelo’s birthday). After two companies accidentally distributed infected disks and PCs, there was worldwide panic, but few computers were infected.
1994 The first email virus hoax:
The first email hoax warned of a malicious virus that would erase an entire hard drive just by opening an email with the subject line “Good Times”.
1995 The first document virus:
The first document or “macro” virus, Concept, appeared. It spread by exploiting the macros in Microsoft Word.
1998 The first virus to affect hardware:
CIH or Chernobyl became the first virus to paralyze computer hardware. The virus attacked the BIOS, which is needed to boot up the computer.
1999 Email viruses:
Melissa, a virus that forwards itself by email, spread worldwide. Bubbleboy, the first virus to infect a computer when email is viewed, appeared.
2000 Palm virus:
The first virus appeared for the Palm operating system, although no users were infected.
2000 Denial-of-service attacks:
“Distributed denial-of-service” attacks by hackers put Yahoo, eBay, Amazon, and other high-profile websites offline for several hours. Love Bug became the most successful email virus yet.
2001 Viruses spread via websites or network shares:
Malicious programs began to exploit vulnerabilities in software, so that they could spread without user intervention. Nimda infected users who simply browsed a website. Sircam used its own email program to spread, and also spread via network shares.
2003 Zombie, Phishing:
The Sobig worm gave control of the PC to hackers, so that it became a “zombie”, which could be used to send spam. The Mimail worm posed as an email from Paypal, asking users to confirm credit card information.
2004 IRC bots:
Malicious IRC (Internet Relay Chat) bots were developed. Trojans could place the bot on a computer, where it would connect to an IRC channel without the user’s knowledge and give control of the computer to hackers.
2005 Rootkits:
Sony’s DRM copy protection system, included on music CDs, installed a “rootkit” on users’ PCs, hiding files so that they could not be duplicated. Hackers wrote Trojans to exploit this security weakness and install a hidden “back door”.
2006 Share price scams:
Spam mail hyping shares in small companies (“pump-and-dump” spam) became common.
Sophos.com
Thursday, January 8, 2009
Resource shielding
Resource shielding protects you against attempts to access vulnerable parts of your computer.
Resource shielding analyzes the behavior of all the programs already running on your computer and blocks any activity that looks as if it could be malicious. For example, it checks any changes being made to the Windows registry, which may indicate that malware is installing itself so that it starts automatically whenever you restart the computer.
Resource-shielding products usually allow you to set up your own rules about which resources should be protected.
Sophos.com
Firewall
A firewall prevents unauthorized access to a computer or a network.
As the name suggests, a firewall acts as a barrier between networks or parts of a network, blocking malicious traffic or preventing hacking attempts.
A network firewall is installed on the boundary between two networks. Usually this is between the internet and a company network. It can be a piece of hardware, or software running on a computer that acts as a gateway to the company network.
A client firewall is software that runs on an end user’s computer, protecting only that computer.
In either case, the firewall inspects all traffic, both inbound and outbound, to see if it meets certain criteria. If it does, it is allowed; if not, the firewall blocks it. Firewalls can filter traffic on the basis of
• the source and destination addresses and port numbers (address filtering)
• the type of network traffic, e.g. HTTP or FTP (protocol filtering)
• the attributes or state of the packets of information sent.
A client firewall can also warn the user each time a program attempts to make a connection, and ask whether the connection should be allowed or blocked. It can gradually learn from the user’s responses, so that it knows which types of traffic the user allows.
Sophos.com
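The three filtering bases named above (addresses and ports, protocol, packet state) as a small stateful packet filter. This is an added example, not Sophos code; the company network range, rules and packets are constructed sample data.

```python
"""Toy stateful packet filter (added example, not Sophos code).

It shows the three bases for filtering named above: address and port
filtering, protocol filtering, and the state of the packets.  All
addresses, ports and rules below are constructed sample data.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str          # "in" (from the internet) or "out" (from the company network)
    proto: str              # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False       # TCP connection attempt: SYN set, ACK clear
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    direction: str = "any"
    proto: str = "any"              # protocol filtering
    src: str = "0.0.0.0/0"          # address filtering (CIDR)
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None     # port filtering

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction)
                and self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))


Conn = Tuple[str, str, int, str, int]


class Firewall:
    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        self.established: Set[Conn] = set()   # connections already permitted

    @staticmethod
    def _forward(p: Packet) -> Conn:
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse(p: Packet) -> Conn:
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def decide(self, p: Packet) -> str:
        # State check: replies to a connection we already allowed pass
        # without needing an inbound rule of their own.
        if self._forward(p) in self.established or self._reverse(p) in self.established:
            return "allow"
        # Otherwise the first matching rule wins; no match means deny.
        for rule in self.rules:
            if rule.matches(p):
                if rule.action == "allow":
                    new_tcp = p.proto == "tcp" and p.syn and not p.ack
                    if new_tcp or p.proto == "udp":
                        self.established.add(self._forward(p))
                return rule.action
        return "deny"


def run_sample() -> List[str]:
    """Evaluate constructed packets against a constructed company policy."""
    rules = [
        # The company network (10.0.0.0/8, constructed) may open any outbound connection
        Rule("allow", direction="out", src="10.0.0.0/8"),
        # The internet may reach only the public web server on TCP port 80
        Rule("allow", direction="in", proto="tcp", dst="10.0.0.5/32", dport=80),
    ]
    fw = Firewall(rules)
    packets = [
        # 1. A workstation opens an HTTPS connection to an internet host
        Packet("out", "tcp", "10.0.0.7", 51000, "203.0.113.10", 443, syn=True),
        # 2. The reply to that connection comes back in (allowed by state)
        Packet("in", "tcp", "203.0.113.10", 443, "10.0.0.7", 51000, ack=True),
        # 3. An unsolicited inbound attempt to reach remote desktop on the workstation
        Packet("in", "tcp", "198.51.100.9", 4444, "10.0.0.7", 3389, syn=True),
        # 4. An inbound web request to the public web server
        Packet("in", "tcp", "198.51.100.9", 5555, "10.0.0.5", 80, syn=True),
        # 5. Inbound UDP with no matching rule and no prior state
        Packet("in", "udp", "198.51.100.9", 53, "10.0.0.7", 1900),
    ]
    return [fw.decide(p) for p in packets]


if __name__ == "__main__":
    for decision in run_sample():
        print(decision)
```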
Anti-spam software
Anti-spam programs can detect unwanted email and prevent it from reaching users’ inboxes.
These programs use a combination of methods to decide whether an email is likely to be spam. They can:
• Block email that comes from computers on a blocklist. This can be a commercially available list or a local list of computer addresses that have sent spam to your company before.
• Block email that includes certain web addresses.
• Check whether email comes from a genuine domain name or web address. Spammers often use fake addresses to try to avoid anti-spam programs.
• Look for keywords or phrases that occur in spam (e.g. “credit card”, “lose weight”).
• Look for patterns that suggest the email’s sender is trying to disguise their words (e.g. putting “hardc*re p0rn”).
• Look for unnecessary HTML code (the code used for writing web pages) used in email, as spammers often use this to try to conceal their messages and confuse anti-spam programs.
The program combines all the information it finds to decide the probability of an email being spam. If the probability is high enough, it can block the email or delete it, depending on the settings you choose.
Anti-spam software needs frequent updating with new “rules” that enable it to recognize the latest techniques used by spammers.
Sophos.com
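The checks listed above, combined into a single probability as the text describes. This is an added example, not Sophos code; the blocklists, weights, thresholds and both sample messages are constructed.

```python
"""Toy spam scorer (added example, not Sophos code).

Each check listed above contributes a weight; the weights are combined
into one probability and the verdict follows from two thresholds.  The
blocklists, weights and both sample messages are constructed.
"""
import math
import re
from email import message_from_string
from typing import Dict

BLOCKLISTED_SENDERS = {"203.0.113.77"}            # constructed: IPs that sent spam before
BLOCKLISTED_URL_HOSTS = {"cheap-pills.example"}    # constructed
SPAM_PHRASES = ("credit card", "lose weight", "act now")
RECEIVED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
URL_HOST = re.compile(r"https?://([^/\s\"'>]+)", re.I)
# a letter, then a digit or symbol, then a letter within one word: "hardc*re", "p0rn"
DISGUISED = re.compile(r"[A-Za-z][0-9*@$][A-Za-z]")
HTML_COMMENT = re.compile(r"<!--.*?-->", re.S)
HTML_TAG = re.compile(r"<[^>]+>")

SPAM_SAMPLE = """\
Received: from mail.cheap-pills.example [203.0.113.77] by mx.example.org
Return-Path: <bounce@cheap-pills.example>
From: "Your Bank" <alerts@bank.example>
To: user@example.org
Subject: Act now
Content-Type: text/html

<html><body><font color="white"><!-- x --></font>
Confirm your cred<!-- -->it card now and lose weight with hardc*re p0rn
<a href="http://cheap-pills.example/buy">click</a>
</body></html>
"""

HAM_SAMPLE = """\
Received: from mail.example.org [192.0.2.10] by mx.example.org
Return-Path: <carol@example.org>
From: Carol <carol@example.org>
To: dave@example.org
Subject: Quarterly report
Content-Type: text/plain

Hi Dave, the quarterly report is attached. Could you review section 3 before Friday?
"""


def domain_of(addr: str) -> str:
    return addr.strip().rstrip(">").rsplit("@", 1)[-1].lower()


def score_message(raw: str) -> Dict[str, object]:
    msg = message_from_string(raw)
    body = "" if msg.is_multipart() else msg.get_payload()
    # Strip comments before tags so that "cred<!-- -->it card" reads "credit card"
    visible = HTML_TAG.sub("", HTML_COMMENT.sub("", body))
    text = (msg.get("Subject", "") + " " + visible).lower()
    found: Dict[str, float] = {}        # signal name -> weight

    m = RECEIVED_IP.search(msg.get("Received", ""))
    if m and m.group(1) in BLOCKLISTED_SENDERS:
        found["blocklisted_sender"] = 4.0
    if any(h.lower() in BLOCKLISTED_URL_HOSTS for h in URL_HOST.findall(body)):
        found["blocklisted_url"] = 3.0
    # "Genuine domain" check: the From header should agree with the envelope sender
    if domain_of(msg.get("From", "")) != domain_of(msg.get("Return-Path", "")):
        found["sender_domain_mismatch"] = 1.5
    phrases = sum(1 for p in SPAM_PHRASES if p in text)
    if phrases:
        found["spam_phrases"] = float(min(phrases, 3))
    disguised = len(DISGUISED.findall(visible))
    if disguised:
        found["disguised_words"] = float(min(disguised, 3))
    if body and (len(body) - len(visible)) / len(body) > 0.4:
        found["excess_html"] = 1.5
    if HTML_COMMENT.search(body):
        found["html_comments"] = 1.0

    score = sum(found.values())
    # Logistic combination; the bias of 3 keeps a mail with no signals near zero
    prob = 1.0 / (1.0 + math.exp(3.0 - score))
    verdict = "block" if prob >= 0.9 else "quarantine" if prob >= 0.5 else "deliver"
    return {"signals": sorted(found), "score": score,
            "probability": round(prob, 3), "verdict": verdict}


if __name__ == "__main__":
    for sample in (SPAM_SAMPLE, HAM_SAMPLE):
        print(score_message(sample))
```

The HTML comment splitting "credit card" shows why the scorer strips markup before looking for phrases: without that step the keyword check would miss exactly the messages the text says use HTML to confuse filters.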
Anti-virus software
Anti-virus software can defend you against viruses, Trojans, worms and – depending on the product – spyware and other types of malware.
Anti-virus software uses a scanner to identify programs that are, or may be, malicious.
Scanners can detect:
• Known viruses – The scanner compares files on your computer against a library of “identities” for known viruses. If it finds a match, it issues an alert and blocks access to the file.
• Previously unknown viruses – The scanner analyzes the likely behavior of a program. If it has all the characteristics of a virus, access is blocked, even though the file does not match known viruses.
• Suspicious files – The scanner analyzes the likely behavior of a program. If that behavior is of a kind usually considered undesirable, the scanner warns that it may be a virus.
Detection of known viruses depends on frequent updating with the latest virus identities.
There are on-access and on-demand scanners. Most anti-virus packages offer both.
On-access scanners stay active on your computer whenever you are using it. They automatically check files as you try to open or run them, and can prevent you from accessing infected files.
On-demand scanners let you start or schedule a scan of specific files or drives.
Sophos.com
How to: choose passwords
Passwords are your protection against fraud and loss of confidential information, but few people choose passwords that are truly secure.
Make your password as long as possible:
The longer it is, the harder it is to guess or to find by trying all possible combinations (a “brute-force attack”). Use eight characters or more.
Use different types of characters:
Include numbers, punctuation marks, upper-case and lower-case letters.
Don’t use words that are in dictionaries:
Don’t use words, names or place-names that are usually found in dictionaries. Hackers can use a “dictionary attack” (i.e. trying all the words in the dictionary automatically) to crack these passwords.
Don’t use personal information:
Others are likely to know information such as your birthday, the name of your partner or child, or your phone number, and they might guess that you have used them as a password.
Don’t use your username:
Don’t use a password that is the same as your username or account number.
Use passwords that are difficult to identify as you type them in:
Make sure that you don’t use repeated characters or keys close together on the keyboard.
Consider using a passphrase:
A passphrase is a string of words, rather than a single word. Unlikely combinations of words can be hard to guess.
Try to memorize your password:
Memorize your password rather than writing it down. Use a string of characters that is meaningful to you, or use mnemonic devices to help you recall the password.
Don’t store your passwords on your computer or online:
Hackers may be able to access your computer and find the passwords.
If you write down your password, keep it in a secure place:
Don’t keep passwords attached to your computer or in any easily accessible place.
Use different passwords for each account:
If a hacker breaks one of your passwords, at least only one account has been compromised.
Don’t tell anyone else your password:
If you receive a request to “confirm” your password, even if it appears to be from a trustworthy institution or someone within your organization, you should never disclose your password. (See Phishing).
Don’t use your password on a public computer:
Don’t enter your password on a publicly available computer, e.g. in a hotel or internet café. Such computers may not be secure and may have keystroke loggers installed.
Change your passwords regularly:
The shorter or simpler your password is, the more often you should replace it.
Sophos.com
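The rules above as a policy checker that reports which of them a candidate password breaks, treating a multi-word passphrase as the text does (dictionary words are acceptable when several are combined). This is an added example, not Sophos code; the word list and keyboard rows are small constructed samples standing in for a full dictionary.

```python
"""Password policy checker (added example, not Sophos code).

It turns the rules above into checks and returns the names of the rules
a candidate password breaks.  The word list and keyboard rows are small
constructed samples; a real deployment would use a full dictionary.
"""
import string
from typing import Iterable, List

MIN_LENGTH = 8
# Constructed sample of the dictionary words a real checker would hold
DICTIONARY = {"password", "welcome", "dragon", "monkey", "letmein", "football",
              "london", "summer", "word", "pass"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def _windows(s: str, n: int) -> Iterable[str]:
    """Every run of n consecutive characters in s."""
    return (s[i:i + n] for i in range(len(s) - n + 1))


def check_password(password: str, username: str = "",
                   personal: Iterable[str] = ()) -> List[str]:
    """Return the names of the rules the password violates (empty list = passes)."""
    problems: List[str] = []
    lower = password.lower()
    # A passphrase is a string of words rather than a single word; the text
    # accepts it even though each word alone would be a dictionary word.
    is_passphrase = len(password.split()) >= 3

    if len(password) < MIN_LENGTH:
        problems.append("too_short")

    # Rule: use different types of characters
    classes = [any(c.islower() for c in password), any(c.isupper() for c in password),
               any(c.isdigit() for c in password),
               any(c in string.punctuation for c in password)]
    if sum(classes) < 3 and not is_passphrase:
        problems.append("too_few_character_types")

    # Rule: don't use words that are in dictionaries (dictionary attack)
    if not is_passphrase and any(w in lower for w in DICTIONARY):
        problems.append("dictionary_word")

    # Rule: don't use your username
    if username and username.lower() in lower:
        problems.append("contains_username")

    # Rule: don't use personal information (birthday, pet's name, ...)
    if any(p.lower() in lower for p in personal if p):
        problems.append("personal_information")

    # Rule: avoid repeated characters (three or more in a row)
    if any(a == b == c for a, b, c in zip(password, password[1:], password[2:])):
        problems.append("repeated_characters")

    # Rule: avoid keys close together on the keyboard, in either direction
    rows = KEYBOARD_ROWS + tuple(r[::-1] for r in KEYBOARD_ROWS)
    if any(w in row for w in _windows(lower, 3) for row in rows):
        problems.append("keyboard_sequence")

    return problems


if __name__ == "__main__":
    for candidate in ("password1", "qwerty!A1", "correct horse battery staple"):
        print(candidate, "->", check_password(candidate, username="alice") or "ok")
```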
How to: be safe on the internet
This section gives general advice on making safe use of email and the web. You should also see our tips on How to avoid being phished.
Don’t click on pop-up messages:
If you see unsolicited pop-ups, such as a message warning that a computer is infected and offering virus removal, don’t follow links or click to accept software downloads. Doing so could result in you downloading malicious software.
Don’t follow links in unexpected emails:
Such links can take you to bogus websites, where any confidential information you enter, such as account details and passwords, can be stolen and misused. Always enter the website address you want to visit in the address bar in your browser.
Use different passwords for every site:
You should use a different password for each site where you have a user account. If a password is compromised, only one account will be affected.
Configure your internet browser for security:
You can disable Java or ActiveX applets, or ask to be warned that such code is running. For example, in Microsoft Internet Explorer, select Tools|Internet Options|Security|Custom Level and select the settings you want.
Consider blocking access to certain websites or types of web content:
In a company environment, you may want to prevent users from accessing sites that are inappropriate for workplace use, or that may pose a security threat (for example, by installing spyware on computers), or that may give offense. You can do this with web filtering software or a hardware “appliance”.
Use reputation filtering:
Reputation filtering software can check the sender addresses in email against a database that shows how often mail from that address is spam, or contains viruses, worms, etc. The software then assigns the email a “reputation” score that is used to decide whether to block the email or to slow down its delivery (giving priority to email with a better reputation).
Use firewalls:
A network firewall is installed at your company boundary and admits only authorized types of traffic. A client firewall is installed on each computer on your network, and also allows only authorized traffic, thereby blocking hackers and internet worms. In addition, it prevents the computer from communicating with the internet via unauthorized programs.
Use routers:
You can use a router to limit connections between the internet and specific computers. Many routers also incorporate a network firewall.
Sophos.com
How to: avoid being phished
Never respond to emails that request personal financial information:
You should be suspicious of any email that asks for your password or account details or includes links for that purpose. Banks or e-commerce companies do not usually send such emails.
Look for signs that an email is “phishy”:
Phishing mails usually use a generic greeting, such as “Dear valued customer”, because the email is spam and the phisher does not have your name. They may also make alarming claims, e.g. that your account details have been stolen or lost. The email often includes misspellings or substitute characters, e.g. “1nformati0n”, in an attempt to bypass anti-spam software.
Visit banks’ websites by typing the address into the address bar:
Don’t follow links embedded in an unsolicited email. Phishers often use these to direct you to a bogus site. Instead, you should type the full address into the address bar in your browser.
Keep a regular check on your accounts:
Regularly log into your online accounts and check your statements. If you see any suspicious transactions, report them to your bank or credit card provider.
Check the website you are visiting is secure:
Check the web address in the address bar. If the website you are visiting is on a secure server, it should start with “https://” (“s” for secure) rather than the usual “http://”. Also look for a lock icon on the browser’s status bar. This tells you that the website is using encryption, but doesn’t necessarily mean that the website is legitimate.
Be cautious with emails and personal data:
Look at your bank’s advice on carrying out safe transactions. Don’t let anyone know your PINs or passwords, do not write them down, and do not use the same password for all your online accounts. Don’t open or reply to spam emails as this lets the sender know that your address is valid and can be used for future scams.
Keep your computer secure:
Anti-spam software will prevent many phishing emails from reaching you. A firewall also helps to keep your personal information secure and block unauthorized communications. You should also run anti-virus software to detect and disable malicious programs, such as spyware or backdoor Trojans, which may be included in phishing emails. Keep your internet browser up to date with the latest security patches.
Always report suspicious activity:
If you receive an email you suspect isn’t genuine, forward it to the spoofed organization. (Many companies have a dedicated email address for reporting such abuse.)
Sophos.com
How to: avoid spam
Use email filtering software at your email gateway:
You should run email filtering software at the email gateway, as this will protect your business from spam, as well as email-borne spyware, viruses and worms.
Never make a purchase from an unsolicited email:
By making a purchase, you are funding future spam. Your email address may also be added to lists that are sold to other spammers, so that you receive even more junk email. Worse still, you could be the victim of a fraud.
If you do not know the sender of an unsolicited email, delete it:
Most spam is just a nuisance, but sometimes it can contain a virus that damages or compromises the computer when the email is opened.
Never respond to any spam messages or click on any links in the message:
If you reply to spam – even to unsubscribe from the mailing list – you confirm that your email address is a valid one, so encouraging more spam.
Don’t use the preview mode in your email viewer:
Many spammers can track when a message is viewed, even if you don’t click on the email. The preview setting effectively opens the email and lets spammers know that you receive their messages. When you check your email, try to decide whether a message is spam on the basis of the subject line only.
Use the “bcc” field if you email many people at once:
The “bcc” or blind copy field hides the list of recipients from other users. If you put the addresses in the “To” field, spammers may harvest them and add them to mailing lists.
Never provide your email address on the internet:
Don’t publish your email address on websites, newsgroup lists or other online public forums. Spammers use programs that surf the internet to find addresses in such places.
Only give your main address to people you trust:
Give your main email address only to friends and colleagues.
Use one or two secondary email addresses:
If you fill out web registration forms or surveys on sites from which you don’t want further information, use a secondary email address. This protects your main address from spam.
Opt out of further information or offers:
When you fill out forms on websites, look for the checkbox that lets you choose whether to accept further information or offers. Check or uncheck the box as appropriate.
Sophos.com
How to: avoid hoaxes
Have a company policy on virus warnings:
Set up a company policy on virus warnings. For example: “Do not forward any virus warnings of any kind to ANYONE other than the person responsible for anti-virus issues. It doesn’t matter if the virus warnings come from an anti-virus vendor or have been confirmed by a large computer company or your best friend. ALL virus warnings should be sent to [name of responsible person] only. It is their job to notify everybody of virus warnings. A virus warning which comes from any other source should be ignored.”
Keep informed about hoaxes:
Keep informed about hoaxes by visiting the hoaxes pages on our website www.sophos.com/security/hoaxes/
Don’t forward chain letters:
Don’t forward a chain letter, even if it offers you rewards for doing so, or claims to be distributing useful information.
Sophos.com
Wednesday, January 7, 2009
How to: avoid viruses, Trojans, worms and spyware
Use anti-virus software:
Install anti-virus software on all your desktops and servers, and ensure they are kept up to date. New viruses can spread extremely quickly, so have an updating infrastructure in place that can update all the computers in your company seamlessly, frequently, and at short notice. Run email filtering software at your email gateway as well, in order to protect your business from the threats of email-borne viruses, spam and spyware.
And don’t forget to protect your laptop computers and desktop computers used by home workers. Viruses, worms and spyware can easily use these devices to enter your business.
Block file types that often carry viruses:
These include EXE, COM, PIF, SCR, VBS, SHS, CHM and BAT file types. It is unlikely that your organization will ever need to receive files of these types from the outside world.
Block files with more than one fi le-type extension:
Some viruses disguise the fact that they are programs by using a double extension, such as .TXT.VBS, after their filename. At first glance a file like LOVE-LETTER-FOR-YOU.TXT.VBS or ANNAKOURNIKOVA.JPG.VBS looks like a harmless text file or a graphic. Block any file with double extensions at the email gateway.
Ensure all programs are checked by the IT department:
Ensure that all programs received from the outside world via email go directly to your IT department or, in the case of small businesses, your IT person, for checking and approval. They can confirm that a program is virus-free, properly licensed, unlikely to conflict with existing software, and suitable.
Subscribe to an email alert service:
An alert service can warn you about new viruses and offer virus identities that will enable your anti-virus software to detect them. Sophos has a free alert service. For details, see www.sophos.com/security/notifications. Consider adding a live virus information feed to your website or intranet to ensure your users know about the very latest computer viruses.
Use a firewall on computers connected to the internet:
You should use a firewall to protect computers that are connected to the outside world. Laptops and home workers will also need firewall protection.
Stay up to date with software patches:
Watch out for security news and download patches. Such patches often close loopholes that can make you vulnerable to viruses or internet worms. IT managers should subscribe to software vendors’ mailing lists such as that at www.microsoft.com/technet/security/bulletin/notify.mspx. Home users who have Windows computers can visit windowsupdate.microsoft.com, where you can scan your PC for security loopholes and find out which patches to install.
Back up your data regularly:
Make regular backups of important work and data, and check that the backups were successful. You should also find a safe place to store your backups, perhaps even offsite in case of fire. If you are infected with a virus, you will be able to restore any lost programs and data.
Disable booting from floppy disks:
Boot sector viruses are rarely seen now, but you may want to protect yourself from them. Change the bootup sequence on PCs so that they always boot from the hard disk first, rather than trying to boot from floppy disk (drive A:). Then, even if an infected floppy disk is left in the computer, it cannot be infected by a boot sector virus. Should you need to boot from a floppy disk, the setting can easily be switched back.
Introduce an anti-virus policy:
Produce a policy for safe computing in the workplace and distribute it to all staff. Such a policy could include:
• Don’t download executables and documents directly from the internet.
• Don’t open unsolicited programs, documents or spreadsheets.
• Don’t play computer games or use screensavers which did not come with the operating system.
• Submit email attachments to the IT department for checking.
• Save all Word documents as RTF (Rich Text Format) files, since DOC files can harbor macro viruses.
• Treat any unexpected email with suspicion.
• Forward virus warnings or hoaxes directly to IT (and no-one else) to confirm whether they are genuine or not.
• Inform IT immediately if you think your computer may have been infected with a virus.
Sophos.com
Labels: computer security threats, how to, safety tips, spyware, trojans, viruses, worms
Basic Virus Glossary
Adware
Adware is a type of advertising display software whose primary purpose is to deliver advertising content in a manner or context that may be unexpected and unwanted by users.
Malware
Malware is a general term for a range of malicious software including viruses, worms, Trojan horses and spyware.
Spyware
Spyware is a term used to describe a broad set of applications that send information from a computer to a third party without the user's permission or knowledge. Spyware Trojans and spyware worms are Trojans and Win32 worms that also exhibit behaviour attributed to spyware.
Trojan
A seemingly legitimate computer program that has been intentionally designed to disrupt and damage computer activity. Trojans are sometimes used in conjunction with viruses. A backdoor Trojan is a program that allows other computer users to gain access to your computer across the internet.
Virus
A computer program that copies itself. Often viruses will disrupt computer systems or damage the data contained upon them. A virus requires a host program and will not infect a computer until it has been run. Some viruses spread across networks by making copies of themselves or may forward themselves via email. The term 'virus' is often used generically to refer to both viruses and worms.
Worm
A type of virus that does not need a host program. It has the ability to self-replicate and often will use email and the internet to spread.
Sophos.com