Your PC is being Manipulated by Virus!?
This is a summary of the Computer Virus / Unauthorized Computer Access Incident Reports for October 2004 compiled by IPA.
I. Computer Virus Incident Reports
The reported number [1] for October was 4,654, down from 5,404 in September and below 5,000 for the first time in three months. In addition, the virus detection number [2] was 3,120,066, a decrease of 11.0% from 3,506,000 in September. However, it remains at a high level, so please stay alert.
W32/Netsky accounted for 1,243 reports, making it the most-reported virus for the eighth consecutive month. W32/Bagle followed with 485 reports and W32/Mydoom with 385.
[1] Reported number: when virus counts are aggregated, the same virus and its variants reported by the same filer on the same day are counted as one case, no matter how many were found.
[2] Detection number: the cumulative count of viruses found by a filer, as stated in the report. For October, aggregating the 3,120,066 detections resulted in a reported number of 4,654.
1. Be Careful Not to Be Fooled by a New Virus, W32/Bagz
W32/Bagz and W32/Darby are viruses that newly emerged in October and spread through e-mail attachments. When you open the attachment, they infect your PC, send virus mails to the addresses collected from your PC, and halt the functions of security products.
W32/Bagz disguises its attachment as a Word file. Please handle attachments with care and do not open them without thinking, so that you are not fooled.

Example: Screen image of W32/Bagz mail
2. Viruses That Halt Security Products' Functions
As described in 1. above, certain viruses stop the functions of security products such as virus protection software, personal firewalls, etc. upon infection (please see attachment 1, page 2).
On a PC infected by such a virus:
i. you cannot scan for viruses with anti-virus software, because an error message is displayed;
ii. if you try to install anti-virus software to remove the virus, an error occurs and you cannot even install it; etc.
Unless you can identify the virus name, it is difficult to take adequate security measures (once the virus name is known, adequate measures can be determined).
If you cannot use anti-virus software, you may be able to identify the virus name by using an online virus check service. Such services are provided at the following vendors' Web sites; please use them for your checks. For some viruses, however, these services will not work.
It may also be possible to identify the virus name by another method. Once the virus name is known, we can advise you on further countermeasures; please contact the IPA Security Center (ISEC).
Information Desk for Computer Virus/Unauthorized Computer Access: 03-5978-7509 (business hours: 10:00-12:00, 13:30-17:00, Mon-Fri)
If, unfortunately, you cannot identify the cause (or the virus), please initialize your PC as a last resort. Back up the data you need before you start the initialization process, so that it can be reused afterwards.
3. W32/Netsky Is Still Spreading!
The detection number of W32/Netsky was about 2,700,000, a decrease of about 10% from about 3,000,000 in September. However, it still accounts for 86.9% of all virus detections and continues to spread overwhelmingly; please handle e-mail with caution to avoid infection.


(Both numbers in parentheses are the reported numbers for the previous month, and the percentages are the share of all viruses.)
II. Status of Reported Unauthorized Computer Access
The reported number for October was 53, an increase of about 89.3% from 28 in September, again exceeding 50. Further, the number of reports involving damage was 3, up from 2 in September.
Case Examples of Damage:
- A modification program (patch) for Windows had not been applied, and a fraudulent file was written to the Web server.
- Because a modification program had not been applied, files stored on the PC were altered, administrator access privileges were stolen, and the PC was exploited as a stepping stone against other sites.
Resolving Security Holes Should Be Done Immediately, but Deliberately
Two of the 3 damage reports involved damage caused by security holes. Security holes exist in a variety of OS and application software. You should routinely check the sites of the vendors whose products you use to collect the latest information. Modification programs need to be applied immediately, because the interval between the publication of information on a detected security hole and the emergence of an exploit is getting shorter.
However, applying a modification program may itself cause defects. If such defects occur on computers used in offices, they may disrupt business. You should therefore verify modification programs in a testing environment before applying them. If a modification program cannot be applied, take countermeasures according to the vendor's information.
III. Reminder for this Month: Your PC is being Manipulated!?
- Damage spreads without your noticing
Among the consultations received by IPA, the following cases are common:
1) An unknown icon appears on the desktop;
2) The start page has been changed from the one initially set;
3) A malicious program has been downloaded without the user noticing.
With the damage mentioned above, you can recognize that something is wrong because the symptoms are visible. However, if a backdoor has been planted, your PC can be manipulated from outside, the data stored on it can be stolen without your noticing, and it is likely to be exploited as a source of spam mail. Recent viruses increasingly plant backdoors upon infection; remember to prevent damage by installing anti-virus software, resolving security holes, etc.

For your further reference:
Information in relation to anti-virus software (in Japanese)
http://www.ipa.go.jp/security/antivirus/vacc-info.html
Windows Update
http://windowsupdate.microsoft.com
Enhancing security for browser and e-mail (in Japanese)
http://www.microsoft.com/japan/security/incident/settings.mspx
The details are as follows:
- Computer Virus Incident Report [Details]
- Unauthorized Computer Access Incident Report [Details]