November 6, 2001
Information-technology Promotion Agency
Security Center (IPA/ISEC)
Computer Virus Incident Reports [Summary]
W32/Nimda, a series of mass infections, damaged over 300 machines!!
This is a summary of the Computer Virus Incident Reports of October 2001 compiled by IPA: Information-technology Promotion Agency (President: Shigeo Muraoka).
1241 reports were submitted to IPA in October. The W32/Nimda virus is taking less of a toll on unsuspecting computer users these days, and the number of reports decreased dramatically compared with the number (2238 reports) in the last month.
However, both the percentage of actual damage (those who were actually infected by a virus as opposed to those who were exposed but not infected) for the W32/Nimda virus (56.3%) and that percentage for all reported viruses (22.8%) still remain high.
15 reports stated that more than 50 machines were infected with the W32/Nimda virus. The worst report stated that more than 300 machines were infected and that there was a significant cost in manpower and lost time. Manpower alone was estimated, on a per-person basis, at more than 200 work days.
Shared folders on a LAN promote the spreading of viruses!!
W32/Nimda and some other viruses have the ability to infect files in shared folders. If a machine infected with one of those viruses is connected to a LAN, the files in the shared folders (i.e. the files on other machines on the LAN) will be automatically infected. In such a case, it is difficult to foresee how much damage the virus will cause on the network.
Let's review sharing properties!!
As a measure against those viruses, it is very important to choose proper options for the folders that are to be shared, even if your machine is supposed to be connected to a private network. It is not a good idea to apply insecure options to these folders, such as sharing the entire C drive with full accessibility (read/write accessibility without password protection).
In case a drive needs to be shared, it is recommended to share only a minimum set of necessary folders and to apply password protection as well.
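The following PowerShell check is an added example, not part of the IPA bulletin: it flags the two settings warned about above, a share that exposes a whole drive and a share that is writable without authentication. On current Windows versions share access is granted to accounts rather than by a share password, so write access for Everyone or Guest is used here as the equivalent; the function name Get-RiskyShare and the sample records are constructed for illustration.

```powershell
# Added example: flag the share settings this bulletin warns about.
# Get-RiskyShare is a hypothetical helper name, not a built-in cmdlet.
function Get-RiskyShare {
    param(
        [Parameter(Mandatory)] [object[]] $Shares,  # records with Name, Path
        [Parameter(Mandatory)] [object[]] $Access   # records with Name, AccountName, AccessControlType, AccessRight
    )
    foreach ($share in $Shares) {
        $reasons = @()
        # A path such as C:\ means the entire drive is exposed.
        if ($share.Path -match '^[A-Za-z]:\\?$') {
            $reasons += 'shares an entire drive'
        }
        # Allow entries that give write access to unauthenticated or catch-all accounts.
        $open = $Access | Where-Object {
            $_.Name -eq $share.Name -and
            $_.AccessControlType -eq 'Allow' -and
            $_.AccountName -match '(^|\\)(Everyone|Guest|ANONYMOUS LOGON)$' -and
            $_.AccessRight -in @('Full', 'Change')
        }
        if ($open) {
            $who = ($open.AccountName | Sort-Object -Unique) -join ', '
            $reasons += "writable by $who"
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Name    = $share.Name
                Path    = $share.Path
                Reasons = $reasons -join '; '
            }
        }
    }
}

# Constructed sample records (not taken from any real machine).
$shares = @(
    [pscustomobject]@{ Name = 'C';       Path = 'C:\' }
    [pscustomobject]@{ Name = 'Reports'; Path = 'D:\Data\Reports' }
)
$access = @(
    [pscustomobject]@{ Name = 'C';       AccountName = 'Everyone';           AccessControlType = 'Allow'; AccessRight = 'Full' }
    [pscustomobject]@{ Name = 'Reports'; AccountName = 'EXAMPLE\Accounting'; AccessControlType = 'Allow'; AccessRight = 'Change' }
)
Get-RiskyShare -Shares $shares -Access $access | Format-List

# On a live host with the SmbShare module, the same records can come from
# Get-SmbShare (filtered with Where-Object { -not $_.Special }) and Get-SmbShareAccess.
```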
You can see whether or not a folder is shared by looking at its icon (figures A & B).
To disable sharing, open its sharing properties and select the check button labelled "Not Shared" (figure C).
P.S. The figures show the screens as they appear in the Japanese-language version.
Note: Viruses that spread their infection via LAN

| | NUMBER OF REPORTS | DATE OF THE FIRST REPORT | OUTLINE OF VIRUS |
|---|---|---|---|
| W32/Sircam | 2726 | Jul 2001 | Creates copies of itself in shared folders |
| W32/QAZ | 416 | Sep 2000 | Infects Notepad.exe in shared folders |
| W32/ExploreZip | 22 | Jun 1999 | Destroys files in shared folders |

Warning for this month: Secure with anti-virus software
-----Suspicious mail should be sent to Recycle Bin-----
The number of reports decreased. However, we still had lots of inquiries from users who didn't have anti-virus software. These inquiries were mainly to ask for a judgement on whether or not a file was a virus. Some users decided to open the file to make sure what it was, and many times we were asked questions such as "I couldn't open the file. Does this mean I got infected?"
Inspect your machine with anti-virus software!!
If a suspicious mail with an attachment arrives, you had better check it with anti-virus software. By doing so, you can make sure whether or not it includes a virus. If it contains a virus, delete the entire mail. There is no possibility of being infected by doing so.
If your machine operates abnormally, inspect your machine with anti-virus software to make sure whether or not it's infected.
Over time we have been asked questions such as "Anti-virus software detected a virus file, but couldn't disinfect the file". If the entire file is a virus itself, there's no way of removing only the virus parts from the file. In such a case, just erase (delete) the file.
Viruses that infect files (W32/CIH, W32/Funlove, etc.)
Worms (W32/Hybris, W32/Sircam, etc.)
Advertising mail and mail from people you don't know are usually unnecessary. Delete them without opening, especially in cases where they have an executable attachment. It's too dangerous to double-click the attachment, because you cannot guess what it will do.
No new kinds of viruses were reported and the number of reports decreased this month. Still, users need to pay continuous attention in case a new threatening virus appears.
Information: IPA Security Center (IPA/ISEC)
(ISEC: Information technology SEcurity Center)
TEL: 03-5978-7508 FAX: 03-5978-7518 E-mail: isec-info@ipa.go.jp
Emergency call: 03-5978-7509
URL: http://www.ipa.go.jp/security/
Computer Virus Incident Reports for November, 2001 (full report)