Fully Check Your Security Countermeasures Toward the End of the Year!!
This is a summary of the Computer Virus / Unauthorized Computer Access Incident Reports for November 2004 compiled by IPA.
I. Computer Virus Incident Reports
The reported number [1] in November was 5,308, an increase of 14.1% from the 4,654 recorded in October, again exceeding 5,000. Meanwhile, the virus detection number [2] was about 2,916,000, a decrease of 6.5% from the about 3,120,000 recorded in October.
For W32/Netsky, 1,315 cases were reported in November, making it the most-reported virus for the ninth consecutive month. W32/Bagle followed with 654 and W32/Mydoom with 394.
[1] Reported Number: When virus counts are aggregated, a virus of the same kind and its variants reported on the same day by the same filer are counted as 1 case, no matter how many are found.
[2] Detection Number: The (cumulative) count of viruses found, as reported by a filer. For November, aggregating a virus detection count of about 2,910,000 resulted in a reported number of 5,308.
1. The New Virus W32/Bofra Infects Instantly Upon Clicking Links
The W32/Bofra virus, which newly emerged in November, infects instantly when a link in the body of the mail it sends out is clicked. A typical mail virus infects and spreads when the mail attachment is opened, but W32/Bofra mail carries no attachment.
Do not let your guard down, however, even when no file is attached, and refrain from clicking links unnecessarily. In addition, be sure to keep the virus definition files of your anti-virus software up to date and check the mails you receive.
When it infects a computer, W32/Bofra collects addresses from address books, etc. and sends virus mails to the addresses it acquires. It also creates a backdoor on the infected computer that allows penetration from outside. If infected, it is necessary to respond with a removal tool.

Example of W32/Bofra virus mail
2. W32/Netsky Tends to Decrease, but Still Remains at a High Level!
The detection number for W32/Netsky in November was about 2,280,000, continuing a downward trend from about 2,710,000 in October and about 3,000,000 in September. However, the detection number for W32/Bagle in November was about 340,000, more than triple the 100,000 detected in October. This increase is assumed to be due to the emergence of a new variant.
The overall virus detection number remains at approximately 3,000,000 and viruses continue to spread; the emergence of a new virus or another variant can also be expected, so sufficient care should be taken when handling mail.

(Both numbers in parentheses are the reported numbers in the previous month, and the percentages are each virus's share of all viruses.)
II. Status of Reported Unauthorized Computer Access
The reported number for November was 28, a decrease of about 47.2% from the 53 recorded in October. However, damage reports numbered 8, an increase from 3 in October. The breakdown of the damage reports was 5 for intrusion, 1 for mail address spoofing, and 2 for others (damage from downloading malicious code, etc.).
Case Examples:
- A computer was fraudulently logged in to from outside through exploitation of security holes, because security patches had not been applied and unnecessary services were running.
- A Web server was penetrated and its pages were modified because access rights were insufficiently configured.
Confirm once again that IDs and passwords are adequately managed, security holes are fixed, no unnecessary services are running, and access rights are granted appropriately.
Unending Damage from Browsing Home Pages
IPA receives many consultations such as the following, which are presumed to be damage from browsing Home Pages.
- The browser's start page has been changed to a suspicious page written in English and cannot be returned to the original page even after changing the setting.
- Upon conducting a virus check, more than 10 kinds of viruses, Trojan horses, etc. are detected.
In cases similar to the above, quite a few computers have to be initialized because there is no other way to recover. As previously mentioned, it is necessary to carry out the following countermeasures together with periodic virus checks.
- Applying security patches (modification programs) for the base OS, browser, etc.
- Installing anti-virus software
- Changing browser settings
Further, as basic countermeasures, it is important to follow principles such as:
- do not unnecessarily download and execute programs published as convenient tools and/or programs on unreliable sites;
- do not browse suspicious sites;
- do not casually click Home Page addresses (links) published on Home Pages or in mail.
(Reference)
“Increase Your Browsing and Security Safety” (in English)
http://www.microsoft.com/security/incident/settings.mspx
III. Reminder for This Month: “Fully Check Your Security Countermeasures Toward the End of the Year”
Be at Ease on New Year's Eve with Full Countermeasures
Toward New Year's Eve, exchanges of mail such as e-Xmas cards and e-New Year's greetings tend to increase, and thus virus/hoax mails spoofed as such e-greetings are likely to emerge.
Recent viruses' infection methods are becoming more artful, such as masquerading as error mail, camouflaging as an icon, etc. Further, a new method called Phishing [3] has also emerged, although it is not directly related to viruses.
It is becoming important to pay careful attention so as not to be easily fooled, as well as to carry out technical measures such as using anti-virus software and fixing security holes.
(Reference) Technical measures:
“7 points for virus countermeasures for computer users” (in Japanese)
http://www.ipa.go.jp/security/antivirus/7kajonew.html
“5 tips for handling attachment file to e-mail” (in Japanese)
http://www.ipa.go.jp/security/antivirus/attach5.html
“Windows Update”
http://windowsupdate.microsoft.com/
[3] Camouflage fraud using the Web.
What is Phishing?
The act of masquerading as e-mail from a banking corporation, etc. to make the recipient access a false Home Page and input private financial information (credit card numbers, IDs, passwords, etc.), in order to acquire private information fraudulently.
Until now, such fraudulent mails were mostly written in English; however, a Japanese version has also emerged since November, which is likely to cause new damage. If you receive mail similar to the above, be sure to confirm whether the mail is real using telephone numbers and/or Home Pages you have already verified, rather than the contact address and/or URL written in the suspicious mail, since a request for your credit card number and/or expiration date in such a form is unlikely to occur.
To System Administrators:
- Request to Conduct Countermeasures for the Holiday Season Between New Year's Eve and New Year -
Between New Year's Eve and New Year, system administrators can be expected to be out of the office, so once damage such as virus/worm infection, Web alteration and/or unauthorized mail relay occurs, the damaged area is likely to grow while you are away.
Please refer to the countermeasures below to reconfirm your routine security countermeasures and to take the measures necessary for thorough protection.
“Practicing Information for Information Security Countermeasures” (in Japanese)
http://www.ipa.go.jp/security/awareness/administrator/administrator.html
The details are as follows:
- Computer Virus Incident Report [Details]
- Unauthorized Computer Access Incident Report [Details]