Viruses' Tactics are Getting More Ingenious!!
This is a summary of Computer Virus / Unauthorized Computer Access Incident Reports for September 2004 compiled by IPA
I. Computer Virus Incident Reports
The reported number [1] for September was 5,404. Since May 2004, more than 5,000 reports have reached IPA every month except July, so reporting remains at a high level. In addition, the virus detection number [2] was 3,506,000, an increase of about 7.1% from the 3,273,000 recorded in August.
For W32/Netsky, 1,448 cases were reported in September, making it the most-reported virus for the seventh consecutive month. W32/Bagle followed with 530 and W32/Mydoom with 455.
[1] Reported Number: When virus counts are aggregated, the same virus and its variants reported by the same filer on the same day are counted as 1 case, no matter how many were found.
[2] Detection Number: The cumulative count of viruses that a filer states as detected when reporting. For September, the 3,506,000 detections aggregated to 5,404 reports.
1. Be Cautious not to Be Fooled by Viruses
Viruses such as W32/Netsky and W32/Bagle not only spoof the sender's e-mail address but also use a variety of techniques to get you to open the files attached to their e-mails. Please be cautious with mails like those shown below so that you are not fooled into infecting your computer without noticing.
i) Masquerade as an error mail
Because this type of virus is delivered as an error mail for an unknown addressee, the receiver opens the attachment file to check what the error was.
[Figure: Virus mail masquerading as an error mail]
ii) Masquerade as e-mails from a Renowned Corporation or Support Center
The receiver opens attachment files that he/she takes to be modification programs delivered from Microsoft, its support center, etc.
Even when attachment files appear to come from a renowned corporation, do not open them lightly, and check them for viruses with anti-virus software. For your further reference, modification programs are rarely distributed as attachment files; it is much more common to download them from the provider's home page.
iii) Use a Subject or Text that You May Be Interested in
A file name or subject that may interest you, e.g. “your password” or “new photos from my party!”, fools you into opening the attachment file.
Example: your_password, new photos from my party!
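Because the sender address, the error-mail wording and the subject can all be faked, a filter has to judge the attachment itself. The following is an added example, not part of the IPA report: it parses a constructed message and flags attachments whose file name ends in an extension that runs code when opened. The extension list, the sample mail and the function name are assumptions made for illustration.

```python
from email import message_from_string, policy

# Assumed blocklist: extensions that execute when opened on Windows (not exhaustive).
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}

# Constructed sample: a fake "delivery error" mail with a disguised attachment.
SAMPLE_MAIL = """\
From: Mail Delivery System <postmaster@example.com>
To: user@example.org
Subject: Mail delivery failed
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

The message could not be delivered. See the attached file for details.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="details.txt.pif"

constructed placeholder payload
--b1--
"""

def risky_attachments(raw_mail):
    """Return [(filename, reason)] for attachments that should be quarantined."""
    msg = message_from_string(raw_mail, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        pieces = name.rsplit(".", 2)          # e.g. ["details", "txt", "pif"]
        ext = "." + pieces[-1] if len(pieces) > 1 else ""
        if ext in RISKY_EXT:
            reason = "executable extension " + ext
            if len(pieces) == 3:
                # A harmless-looking inner extension is a common disguise.
                reason += " hidden behind ." + pieces[1]
            findings.append((name, reason))
    return findings

if __name__ == "__main__":
    for name, reason in risky_attachments(SAMPLE_MAIL):
        print(f"quarantine {name}: {reason}")
```

The decision ignores the From header and subject entirely, which is the point: neither can be trusted on a mail of this kind.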
2. W32/Netsky Continues to Spread!
W32/Zafi and W32/Mydoom are tending to decline, but the detection number for W32/Netsky is about 3,000,000, a rise of about 16% from the 2,586,000 recorded in August. The tactics used to tempt users into infection are getting more sophisticated day by day; please handle e-mails with care to avoid infection.

(The numbers in parentheses are the reported numbers for the previous month, and the percentages are each virus's share of all viruses.)
II. Status for Reported Unauthorized Computer Access
The reported number for September was 28, a decrease of about 53.3% from the 60 recorded in August. Damage reports numbered 2, a drastic decrease from the 11 recorded in August. Both of the damage reports above were for intrusion.
Case example:
- On a mail server, the ssh (Secure Shell) service used to log in to the computer over the network was illegally logged in to by password cracking. In addition, malicious code was embedded.
- A PC connected to the organizational LAN was used for unauthorized spam relay because the settings and management of the proxy, which centrally manages access to/from the network, were not adequate.
Unnecessary Services should be Stopped/Deleted
The more services are running on a configured server, the more likely it is to face threats related to unauthorized computer access. On the dedicated servers in IPA's observation environment, accesses to port 22 (TCP), which are assumed to be password cracking against ssh, have gradually increased since the last 2 weeks of July.
Unnecessary services should be stopped/deleted, and you should operate only the minimum of services that are necessary. In addition, confirm that no vulnerable accounts or passwords are set, that access limitations are adequately set, etc.
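One way to check a server's own logs for the port 22 password cracking described above, shown as an added example that is not part of the IPA report: it counts failed ssh password logins per source address and marks any successful login that follows repeated failures. It assumes OpenSSH-style syslog lines; the sample lines, the threshold and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH syslog format (documentation address ranges).
SAMPLE_LOG = """\
Sep 14 03:12:01 mail sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 4123 ssh2
Sep 14 03:12:03 mail sshd[2213]: Failed password for invalid user test from 192.0.2.10 port 4125 ssh2
Sep 14 03:12:05 mail sshd[2215]: Failed password for root from 192.0.2.10 port 4127 ssh2
Sep 14 03:12:07 mail sshd[2217]: Failed password for root from 192.0.2.10 port 4129 ssh2
Sep 14 03:12:09 mail sshd[2219]: Accepted password for root from 192.0.2.10 port 4131 ssh2
Sep 14 08:30:44 mail sshd[2301]: Failed password for alice from 198.51.100.7 port 5022 ssh2
Sep 14 08:30:52 mail sshd[2301]: Accepted password for alice from 198.51.100.7 port 5022 ssh2
"""

# Older OpenSSH releases log "illegal user" where newer ones log "invalid user".
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:(?:invalid|illegal) user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text, threshold=3):
    """Return {ip: info} for sources with at least `threshold` failed logins."""
    stats = defaultdict(lambda: {"failed": 0, "users": set(), "accepted": []})
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        s = stats[m["ip"]]
        if m["result"] == "Failed":
            s["failed"] += 1
            s["users"].add(m["user"])
        elif s["failed"] >= threshold:
            # A success after repeated failures suggests a guessed password.
            s["accepted"].append(m["user"])
    return {ip: s for ip, s in stats.items() if s["failed"] >= threshold}

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_LOG).items():
        print(f"{ip}: {s['failed']} failures against {sorted(s['users'])}")
        for user in s["accepted"]:
            print(f"  WARNING: login as {user} succeeded after repeated failures")
```

A single mistyped password followed by a success, as with the second address in the sample, stays below the threshold and is not reported.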
Information Security Measures Practicing Information for System Administrators (in Japanese)
http://www.ipa.go.jp/security/awareness/administrator/administrator.html
III. Reminder for this Month: “Do you Use Anti-Virus Software Adequately?”
To use anti-virus software effectively, it is necessary to understand the following 3 tips. If they are not followed, you are merely “sitting on a gold mine”, which is much the same as taking no countermeasures against viruses at all.
Tip 1: Is anti-virus software installed?
No action can be taken if you do not have anti-virus software. Some anti-virus software comes pre-installed on most current PCs; please confirm that it is in place.
Tip 2: Is the anti-virus software updated?
Anti-virus software holds data files used to detect viruses, and these are updated with the latest data each time a new virus emerges. If you use anti-virus software without applying any updates, it cannot detect newly emerged viruses. Automatic update is also available; do not forget to keep your anti-virus software fresh.
Generally, the data for anti-virus software can be updated free of charge for 12 months immediately after purchase. However, anti-virus software that came pre-installed on a PC at purchase may be usable for only a limited period, such as 3 months, so check that yours is not out of date.
Tip 3: Is the anti-virus software adequately set?
Even when anti-virus software is installed, it cannot work to its full ability unless it is adequately set. Please confirm the following important settings:
- Is constant monitoring, which provides real-time oversight, enabled?
  It oversees incoming and outgoing data, and it halts a virus's action by displaying an alert if a virus file is opened unknowingly.
- Is the inspection target adequately set?
  It is likely that only certain files or folders are set as inspection targets. Viruses camouflage themselves differently from time to time, so it is important that all files be treated as inspection targets.
- Is scanning conducted regularly?
  To check for viruses that got in before the anti-virus software was installed or its definition files were updated, it is recommended to run a virus scan of your computer about once a week. Regular check-ups let you detect a virus earlier if your computer is infected.
Since many viruses show no visible symptoms, it is very likely that many people are spreading virus mail without knowing that their PC is infected. If friends or acquaintances with whom you exchange e-mails have not yet installed anti-virus software on their PCs, please recommend that they run virus check-ups.
The details are as follows:
- Computer Virus Incident Report [Details]
- Unauthorized Computer Access Incident Report [Details]