This is a summary of Computer Virus Incident Reports of February 2002 compiled by IPA: Information-technology Promotion Agency (President: Shigeo Muraoka).

1439 reports were submitted to IPA in February. The number of reports has decreased for the last 2 months. And the actual damage dropped from 13.6% of January to 8.8%, which was the smallest in these 3 years. Judging from the facts, it seems that there has been getting more common to take appropriate measurements against viruses that misuse vulnerabilities.

However, for a modified variant of W32/Klez (An original version appeared in January), which also misuses a vulnerability, we received more reports in this month, and this kind of virus still cover 60% of the total reports. So we still need measurements, such as resolving the vulnerabilities.

There was one noticeable report that W32/Nimda propagated itself to 100 PCs through a LAN. After that, it needed 40 people (8 people/day times 5 days) to just repair the infected PCs. In addition to that, for all PCs connected by a network, the network-shutdown for scanning the PCs and a determination of the scale, as well as the final checks for the infection and restarting the network etc. after the repair was required. It took about 7 days to do all these work. Considering the loss of when shutdowned the network, there was quite a huge total loss for that.
Even if a mail server conducts the virus-check, once an infected laptop is connected to a LAN in the office, it infects all through the network. It is important that a laptop with a vulnerability in network settings or without anti-virus software won't connect to a LAN.

The number of reports of a variant of W32/Badtrans seems to be decreasing (1381 reports in January to 649 reports in February). On the contrary, the same types of viruses, which misuse vulnerabilities, such as a variant of W32/Klez and W32/Shoho etc. have appeared one after the other. Moreover, there are malicious programs/wares/codes that damage PCs by exploiting vulnerabilities. To avoid those threads, you are highly recommended to take the following measurements and secure your PC.

1. Verify the version of running software

   Specially, the browser and email software

   Usually, you can verify it from "Help" in the menu and go to "Version Information".

   
   Figure: An example of Microsoft's Internet Explorer,under Japanese

2. Verify whether or not there is a vulnerability in a software by the vender's web site There are information on the vulnerabilities at IPA's or venders' web sites.

   • Security and vulnerability Information (IPA/ISEC)
     http://www.ipa.go.jp/security/news/news.html (Japanese)
   • Security Note (Netscape)
     http://www.netscape.com/ja/security/
   • Security Measurements Quick guide to home users (Microsoft)
     http://www.microsoft.com/japan/enable/products/security/
     default.asp (Japanese)

3. If there is a vulnerability, apply a repair program or update the version. In terms of the proceedings, you can get a detailed description of the steps from relevant web sites.

   New vulnerability is found daily. It is possible that the newest one is misused. You need to take a measurement for viruses with anti-virus software along with taking these 3 steps regularly so as to deal with the vulnerabilities.

   Update your Windows now!!

   Go to "Windows Update" by Microsoft (http://windowsupdate.microsoft.com/) and select "Update Products". Then you can find repair programs that you need, so download and execute. This is how you deal with the vulnerabilities.

• Computer Virus Incident Reports for February, 2002(full report)

IPA Security Center (IPA/ISEC)
(ISEC: Information technology SEcurity Center)
Phone: 03-5978-7508  FAX: 03-5978-7518  E-mail:
Emergency call: 03-5978-7509
URL: http://www.ipa.go.jp/security/index-e.html