A Perfect Virus for Imperfect Users

A Perfect Virus for Imperfect Users
Getting back to the basics

Here’s a little special something to brighten your day. That nice virus protection software you own isn’t worth diddly squat – at least when it comes the new ecard attack that is currently sidestepping even the once adequate defenses of companies who are doing all the right things.

The ecard virus is just another example of why one mission of eMazzanti Technologies is to provide you ongoing advice on protecting your network. The awful reality is the bad guys are always a step ahead and this little baby, which can take you out at the knees, is an example.

This latest e-mail attack is part of a recent increase in “greetings” that encourage users to click on a link in the body of the e-mail to view an apparently legitimate site but, instead, links to malicious code or malware. The latest version of this type of blended threat includes the subject line “Movie-quality ecard” and provides an e-mail address of the sender to trick the recipient into clicking on the harmful link.

The remedy? Simple. Delete it. The reason ecard fearlessly walks by your current protection is it has no attachment. Clicking on the Web site address link in the e-mail triggers an installation of one or two files on your machine, designed to capture user data. Because the download is automatic your curiosity is all that’s required to really screw up the works.

These links in the ecard lead to IP addresses in various locations, including the U.S. and Eastern Europe, and many that are registered to U.S. Internet Service Providers (ISPs). Some addresses have been associated with previous evil doings, and others from ISPs are actually personal computers that have been infected with the malicious code to execute this exploit. The downloaded files are new variants of the Storm Worm that was first detected in January 2007.

“Us against them” is not an unhealthy posture when it comes to protecting your stuff. But, how do you know that you’ve just been skewered?

Your computer may be infected with a virus if:

– You have opened an e-mail attachment from a person you do not know.

– You have opened a file attached to an e-mail message which contains no personal information or does not mention the attachment.

– You have opened an e-mail attachment or another file whose name contains multiple extensions (e.g., resume.doc.lnk) or a .vbs or .pif extension (e.g., LOVE-LETTER-FOR-YOU.TXT.vbs).

– Your computer is suddenly crashing or running slowly.

– You receive error messages whenever you start up your computer or try to launch an application.

– Unknown program windows appear and disappear after you start up your computer.

What if my computer gets a virus?

Not all damage to your programs and files is caused by viruses. You also need to consider failing hard drives, user error, and poorly written programs which can all cause your PC to act a little goofy. If your computer is behaving strangely, or if you think your computer has a virus, the path of least resistance is to use an anti-virus program to do your hunting for you.

– If your computer is infected with a virus, take a breath. Just use an anti-virus program to remove the virus yourself, or turn off your computer and chase down someone who knows how to extricate it.

– If a virus is active in memory, it may prevent anti-virus programs from working correctly. To be sure no virus is active, turn off your computer and reboot from a known-clean system diskette before you begin the disinfection process.

– Toss all copies of the virus. Check all your diskettes, and let it be known to everyone on staff the virus is out there.

Simple steps to defend against viruses, spyware and adware

– Installing anti-virus software on all of your desktops and servers is just the beginning. You need to ensure they are kept up to date. New viruses are born everyday and they can travel and spread quickly. It is important you can update all the computers in your company seamlessly, frequently, and on short notice.

– Run a consolidated email filtering solution at your email gateway to protect your business from the threats of email-borne viruses, spam and spyware.

– Don’t forget to protect your laptop computers and desktop computers used by home workers. Ensure they are running up-to-date virus protection as viruses, worms and spyware can easily use these devices to enter your business.

– Consider filtering potentially malicious emails at the email gateway as this can provide a level of pro-active protection against new threats.

More options:

Block file types that are often virus carriers

Block any file with more than one file type extension

Ensure all executable code sent to your organization is checked and approved

Protect the gateway and remote users with firewalls

Stay up-to-date with software patches

Back up your data regularly

Disable booting from floppy disks

Introduce an anti-virus policy

Ban downloading executables and documents directly from the internet.

Ban running unsolicited executables/documents/spreadsheets within the organization

Ban playing computer games or using screensavers which did not come with the operating system.

Create an IT checking and approval system for executables that arrive via email from the outside world.

Ask the staff to do the following:

Save all Word documents as RTF files which can harbor macro viruses.
Treat with suspicion any newly-arrived email that they weren’t expecting.
Forward any virus warnings or hoaxes directly to IT (and no-one else) to confirm whether they are genuine or not.

Staff should inform IT immediately if they think their computer has been infected with a virus