W32/Netsky Virus Continues to Spread!!
This is a summary of the Computer Virus / Unauthorized Computer Access Incident Reports for May 2004, compiled by IPA.
1. Computer Virus Incident Reports
In May, 5,439 reports were submitted to IPA, an increase of about 35% over the 4,028 reports recorded in April.
Of these, 1,984 reports were for W32/Netsky, which remains at a high level after recording 1,767 in April and 1,795 in March. W32/Bagle followed with 464 reports and W32/Klez with 383 reports.
(1) New Worm W32/Sasser Emerged!!
During Golden Week [1] in May, a new worm, W32/Sasser, emerged (IPA received 29 reports). A computer can be infected by the Sasser worm simply by being connected to the Internet. Because the worm exploits security holes in Windows 2000 and Windows XP, it penetrates easily whenever your computer is connected to the Internet, even if you are not receiving e-mail or browsing home pages.
When a computer is penetrated by W32/Sasser, an error message is suddenly displayed and the computer shuts down after a countdown. In addition, the worm attacks other computers connected to the Internet to spread copies of itself.
[1] Japan's longest holiday period, which starts on April 29 and ends on May 5.

Figure: Illustration of W32/Sasser's spread by exploiting security holes
In case your computer gets infected…
- Remove the worm from your computer.
  Remove the worm using the removal tool for Sasser worms, available from the following site.
  “Information for new worm W32/Sasser (in Japanese)”
  http://www.ipa.go.jp/security/topics/newvirus/sasser.html
- Apply the modification program.
  Apply the modification program to fix the security holes that serve as entry points for the worm.
  Windows Update (Microsoft)
  http://windowsupdate.microsoft.com/
(2) W32/Netsky Virus Mails Overflow!!
Here at IPA, when compiling virus reports, we count one case per kind of virus found in a single day by the same filer, regardless of how many copies of the virus and its variants that filer reports.
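The counting rule above, worked through on constructed data as an added example (not IPA's own code): detections are grouped by filer, day and virus kind, so many detections collapse into a single report. Treating a "kind" as the family name with the variant suffix stripped is an assumption, as are the record layout, the filer names and the function names.

```python
import re
from collections import Counter

# Constructed sample detections: (filer, date, detected name). Not IPA data.
DETECTIONS = [
    ("filer-a", "2004-05-06", "W32/Netsky.P"),
    ("filer-a", "2004-05-06", "W32/Netsky.Q"),
    ("filer-a", "2004-05-06", "W32/Netsky.P"),
    ("filer-a", "2004-05-07", "W32/Netsky.D"),
    ("filer-a", "2004-05-06", "W32/Bagle.Z"),
    ("filer-b", "2004-05-06", "w32/netsky.q@mm"),
    ("filer-b", "2004-05-06", "W32/Sasser"),
    ("filer-b", "2004-05-06", "W32/Klez-H"),
]

# Assumption: a "kind" is platform/family, with any variant suffix dropped.
_FAMILY = re.compile(r"^(?P<platform>[A-Za-z0-9]+)/(?P<family>[A-Za-z]+)")


def family_of(name):
    """Normalize a detected name such as 'w32/netsky.q@mm' to 'W32/Netsky'."""
    m = _FAMILY.match(name.strip())
    if not m:
        raise ValueError(f"unrecognised virus name: {name!r}")
    return f"{m['platform'].upper()}/{m['family'].capitalize()}"


def count_reports(detections):
    """Return (reports per family, gross detections per family)."""
    gross = Counter()
    seen = set()  # one entry per (filer, day, family) = one report
    for filer, day, name in detections:
        fam = family_of(name)
        gross[fam] += 1
        seen.add((filer, day, fam))
    reports = Counter(fam for _, _, fam in seen)
    return reports, gross


if __name__ == "__main__":
    reports, gross = count_reports(DETECTIONS)
    for fam in sorted(gross):
        print(f"{fam}: {gross[fam]} detections -> {reports[fam]} reports")
```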
The reported number of 5,439 is compiled from a gross virus detection count of about 3,364,000 cases filed in May. The following graphs show the gross number of virus detections and the number of virus reports.
 
As of June 2, 2004, 93% of the gross detected numbers are for W32/Netsky, which has 29 variants and is spreading far more rapidly than the other viruses.
Some variants infect your computer when you simply preview a mail without opening the attached file, and in many cases virus mails have been sent out without the user knowing that the computer is infected. To make sure you are not unknowingly taking part in spreading viruses, please run a virus check on your computer once more.
Information on “W32/Netsky” virus variants (including an introduction to anti-virus software) (in Japanese):
http://www.ipa.go.jp/security/topics/newvirus/netsky-q.html
2. Status for Reported Unauthorized Access
The number of reports in May was 96, which is 74.5% higher than the 55 cases reported in April. Reports of access probes increased drastically, from 49 cases in April to 88 cases, but the number of reports of actual damage was 6, exactly the same number as in April. The breakdown is: 3 for intrusion, 1 for mail address spoofing and 2 for others (damage caused by unauthorized programs).
Modify Your Computer's Settings to Avoid Suffering Damage from Internet Browsing!!
In May, as in April, the following kinds of consultations continued to come in to the IPA Security Center:
- The Internet Explorer start page has been changed to an adult site.
- When e-bulletin links were clicked, new pages opened over and over and could not be closed.
Most of the damage mentioned above is caused by malicious programs and the like that misuse functions of Web browsers such as Internet Explorer. It may therefore be possible to avoid damage by disabling such functions, as in the example shown below.
Figure: Example of Internet Explorer Setup
However, this setup is not effective enough to avoid all damage. The following measures need to be taken in parallel:
- Apply security patches (modification programs) to the OS, browser, etc.;
- Install anti-virus software.
General security measures are as follows:
- DO NOT carelessly download or execute programs from untrustworthy sites, even if they are presented as handy tools or software;
- DO NOT browse suspicious sites;
- DO NOT casually click links on home pages.
It is important to observe the principles mentioned above to protect your computer from unauthorized access.
Reference
“Security measures against any risks with regard
to Web surfing and utilizing e-mails by individual users (in Japanese)”
http://www.ipa.go.jp/security/ciadr/cm01.html#user
3. Reminder for This Month: “Utilize Firewall!”
A Firewall is a Must for a Full-time Internet Connection!!
To counter viruses such as W32/Sasser, which infect a computer simply through its connection to the Internet, using a firewall is a very effective countermeasure. The effects of installing a firewall are listed below:
- Able to block unauthorized access from outside;
- Able to prevent unnecessary transmission of information;
- Able to retain historical information (logs) pertaining to unauthorized access, etc.
Software that provides both anti-virus and firewall functions in one package is available. Installing such software is strongly recommended if your computer has a full-time Internet connection (ADSL, CATV, etc.).
A firewall function is integrated into Windows XP; it should be enabled (it is disabled in the initial setting).
How to set up the firewall (Microsoft)
http://www.microsoft.com/security/protect/windowsxp/firewall.asp
The details are as follows:
- Computer Virus Incident Report [Details]
- Unauthorized Computer Access Incident Report [Details]