IBEW
Join Us

Sign up for the lastest information from the IBEW!

Related ArticlesRelated Articles

 

getacrobat

Print This Page    Send To A Friend    Text Size:
About Us
Home > News > Journal > December 2002

TECHBEAT

Computer Worms and Viruses:
Is Your Network Next?

December 2002 IBEW Journal 

As the world becomes more dependent on technology, systems become more prone to techno-glitches. Some threats, such as software bugs, are unintentional, but many are specifically created to weaken or destroy systems.

"Cracking" is the term for infiltrating computer systems with malicious intent. In the early days, crackers broke into systems simply to prove that it could be done; now they often have profit-based motivescracking to get free goods or services, including stealing credit card information. Presently, we are seeing a proliferation of politically motivated crackers, such as the attack on Afghanistans official Web site in September of last year, which resulted in the sites removal from the Internet. Most breaches are caused by malicious software.

Malware

Malicious software, or "malware," are programs that have been created to do harm. All malware currently falls into one of three categories: viruses, worms or Trojan Horses. However, as technology becomes more advanced, new forms of malware are emerging. Sometimes, different forms of malware are merged to create blended threats.

1. Viruses

First seen in 1981, viruses are the oldest type of malware that changes how a computer functions. It self-executes and self-replicates. There are approximately 30,000 active viruses. However, only a small number of these viruses have the potential to cause significant damage; most only survive in the computer laboratory in which they were created.

A file infector spreads by attaching to program files and, when the program is running, self-installing and then infecting the next software application. File infectors are not prolific because they tend to crash the operating system (OS) and they cannot adapt to a new OS, which makes them the least resilient of the viruses.

A boot sector virus attaches to the boot record of hard disks and floppy disks. When the computer is booted, this virus loads itself into the computer memory. These viruses can infect all hard disks and diskettes of the infected computer. However, boot-sector viruses are no longer a significant threat since few people boot from a floppy disk.

Unlike file infectors and boot-sector viruses, a macro virus infects data files instead of program files. Since people exchange data more frequently than programs, this is the easiest virus to spread and is most often disseminated through e-mail attachments.

2. Worms

A worm is a self-replicating program. that can copy itself from one disk drive to another or use a transportation mechanism, such as e-mail or Internet Relay Chat (IRC). Worms generally damage the integrity of a computer.

One of the most prolific and well-known worms was the ILOVEYOU. On May 3, 2000, this worm was sent out from Manila, Philippines. Within five hours it had spread through North America, Europe and Asia via e-mail and caused tens of millions of dollars in damage. Within hours of receiving the worm, many of the major anti-virus software companies had developed patches against this worm and dispatched them to registered users.

Worms can also affect computers in other ways such as preventing Web site access. This is called distributed denial-of-service (DDoS). A DDoS plagued the White House Web site on July 19, 2001. First the Code Red worm was sent out to vulnerable computers. More than 250,000 computers were infected allowing the Code Red worm to use the infected computers as zombies (see glossary). The zombies constantly sent requests to the White House Web site. This prevented other users from being able to connect to the site, because of the number of computers trying to access the site. However, the White House neutralized the attack by changing the Web sites address. An effective DDoS would have made the site process more slowly and could have caused the site to crash.

3. Trojan Horses

Trojan horses, or "Trojans," get their name from Homers Iliad. After failing to breach the walls of the city of Troy, the Greeks presented Troy with a large wooden horse in which they had hidden their warriors. During the night the hidden warriors emerged and seized the city.

Did You Know?
Laptops, personal digital assistants and modern mobile phones are at risk from malware. An infected mobile device can corrupt an entire network.

As the name implies, Trojans are presented as benevolent programs but have ulterior purposes, such as stealing passwords. The thief sends an e-mail with a file attached, usually a joke or screensaver program. After the user installs the software, it operates in the manner expected but carries out the hidden agenda by tracking passwords and then sending them back to the thief through a self-created Internet link. Trojan horses are also used to steal other valuable information, such as credit card data.

Preventing or
Mitigating Damage

To prevent the damage caused by malware attacks, do not let malware reach your computer. Once your system is attacked, you might not be able to recover your files. Virus engineers can be quite ingenious at finding paths into your system.

Anti-virus software stops viruses and other malware by scanning files entering your system through e-mail or disk drives. Then malware warnings and anti-virus updates are sent to registered users of the software when new malware is detected. Anti-virus software also detects damage caused by viruses, removes the virus, and allows the user to reinstall the program or file that has been damaged.

But anti-virus software is often inadequately used. If the software is not set to automatically scan files or there are not regular updates to the software, it is not effective. In some cases, updates cannot be created and disseminated fast enough to prevent infection.

Some Steps For Protecting
Against Malware
  • Keep anti-virus software active
  • Keep login information secure
  • Only download software if you are sure of the source
  • Scan all e-mail attachments for malware
  • Adhere to the network security policy posted in your workplace
  • Close Internet connections when not in use

Another tool against malware intrusion is a firewall. A firewall is hardware or software that creates a defensive boundary between a private network and the public network or between different sections of a network. It filters both inbound and outbound traffic and checks for unauthorized files. An effective firewall can prevent malware from infiltrating a computer network, but many firewalls offer inadequate protection against intrusion.

A firewall can be defeated in three ways:

Going around the firewall is usually the easiest. As more office equipment requires network and Internet access, there are more avenues for attacks. Script kiddies (see glossary) will often choose to attack by going around the firewall, since they are able to use pre-configured scripts that can find vulnerable openings.

Invading a network by slipping code through the firewall can be either very difficult or extremely easy, depending on the firewall. Once the seemingly legitimate information cloaking coding has slipped through the firewall, a connection is opened for the invader.

The final way to defeat a firewall is by controlling the gatekeeper, the part of the firewall coding that determines the files that can enter the network. Control of the gatekeeper can defeat the firewall by giving entry to files that should not gain access and by denying legitimate interface. The best way to prevent all forms of intrusion is to have multiple firewalls throughout the network.

Protecting computer systems from malware attacks is an omnipresent task in the 21st century; current information is the best defense. Current malware information is available at several sites on the Internet, such as:

  • securityresponse.symantec.com/
  • www.mcafee.com/antivirus/default.asp1
Glossary

Blended Threatincorporating two or more malware into a computer attack

Bugincorrectly written code that causes a program to work improperly

Crackersomeone who breaks into computer systems with malicious intent.

Crashwhen a computer locks up and has to be rebooted

DDoS (distributed denial-of-service)
a cracker prevents legitimate access to a Web site by overloading the site with requests

Firewallhardware or software that creates a defensive boundary between a private network and the public network or between different sections of a network

Gatekeeperthe part of the firewall coding that acts as an interface to the public

Hackersomeone who likes to take code apart, see how it works, and create new software

In the wildin the real world instead of in the computer laboratory in which they were created. This phrase denotes the place where malware exists

IP addressan identifier for any device, including computers, on a TCP/IP network, which is 32-bit numeric address written as four multi-digit numbers separated by periods

IRC (Internet Relay Chat)a program that allows instantaneous communication between two or more people through an Internet connection

Malware (malicious software)software created to harm a computer system

Script kiddiescrackers who infiltrate computer systems by using downloadable, pre-configured scripts instead of creating new scripts to crack computer systems

Scripta program created in an interpreted programming language. It usually has lesser function and scope than regular compiled computer languages

Zombiecomputer that has been infected with software that is installed onto servers. The computer is then accessed remotely or carries out the actions caused by the software without the system administrators knowledge

International Brotherhood of Electrical Workers, AFL-CIO, CLC
900 Seventh Street, N.W. Washington DC 20001
Telephone: 202-833-7000, Fax: 202-728-7676
Home | About Us | Join the IBEW | Departments | Political Action | Resources | IBEW Merchandise | En Espanol
Copyright ©2008 IBEW. IBEW is a registered trademark. All rights reserved | Privacy | Sitemap