IPA :Computer Virus Incident Reports

Computer Virus Incident Reports [Summary]

December 4, 2002

Information-technology Promotion Agency
Security Center (IPA/ISEC)

Violation of privacy by a virus !?
Have a general review of security countermeasures for year change period !!

This is a summary of Computer Virus Incident Reports for November 2002 compiled by IPA: Information-technology Promotion Agency.

1. Computer Virus Incident Reports

In November, 1,408 reports were submitted to IPA (October’s reports were 1,510 reports).
The top number of viruses reported were W32/Klez having 613 reports, W32/Bugbear having 185 reports, and W32/Brid, a new virus, having 54 reports. All of the mentioned maliciously uses the security hole (*1).

1-1. Viruses which maliciously use the security hole proliferate !

The top 5 viruses reported in November maliciously use the security hole, and within that type, if infected by a virus which sends the data file and/or the system information within the computer to outside world, there is a possibility of privacy being violated.

Top number of viruses reported in November
(*including number of variants)

	Number of reports	Date of 1st report	brief overview of the virus
W32/Klez	613	2001.11	Sending the data file
W32/Bugbear	185	2002.10	Creating a backdoor
W32/Opaserv	113	2002.10	Infects the shared folder
VBS/Redlof	62	2002. 8	Infects by viewing the body
W32/Brid	54	2002.11	Leakage of system information

The above mentioned viruses are maliciously using the security hole, hence infection results just by opening the e-mail by Outlook, or just by previewing the e-mail by Outlook Express. It is an urgent necessity for users using Windows to apply the latest version of the security patch (*2) in order to eliminate the security hole.

*1: A part of the OS and the application where there is insufficient security measurements in place, or a defect
*2: A modified program for eliminating the security hole

1-2. Method for eliminating the security hole

Apply the security patch or else update the version of the software. For specifics, please refer to the websites listed below.

Microsoft "Windows Update"
Netscape "Security Note"

2. Warning for this month:
"Have a general review of countermeasures for year change period !! "
Welcome the New Year with perfect condition !

Looking in to the year end period, there will be an increase in exchange of e-mails related to the season. There is a possibility of virus and/or hoax e-mail which might represent themselves as a Christmas card or a New Year’s card emerging, so having preventative countermeasures are essential.

Moreover, there was a case where by agreeing to a consent form, greeting cards were sent to all addresses on the address book, so agreeing without checking the details or any other clicking without caution is not preferable.

Precautions for handling the attached files

:: Even if the e-mail with attachment came from acquaintance, doubt it

There is a possibility of an e-mail with file sent by an acquaintance, may have been sent by a virus without the sender’s knowledge. Ingenious psychological methods are used to make the person open the attached file, hence this kind of e-mail from an acquaintance should be the one to doubt for having a virus.

:: Do not attach something which could be sent as a part of the e-mail body

Try to avoid sending an e-mail with an attachment since the recipient will feel anxiety through scanning for the virus; but when attaching, it is preferable to be considerate by describing the content and stating that there is a file attached in the e-mail body.

5 hints for how to handle an e-mail attachment

To the system administrators

During the year change period, it is expected for the system administrators to be absent, and once a virus infection, falsification of the web, interception of e-mail, and other unauthorized accesses occur, there is a possibility of enlarging the damage area during the absence.

Refer to the information provided below, double-check the situation of the usual security countermeasures taken, and please have a full preparation ready.

"Information on information security countermeasure practice" (Japanese)

*Emergency Prompt action Caution needed

Computer Virus Incident Reports for November, 2002 (full report)

Inquiry: IPA Security Center (IPA/ISEC)

(ISEC: Information technology SEcurity Center)
TEL: +81-3-5978-7508 FAX: +81-3-5978-7518
E-mail:
Emergency call: +81-3-5978-7509
URL: http://www.ipa.go.jp/security/index-e.html

Top Page

IT Security