Transformed virus market requires a new level of protection

Tackling viruses, spam and spyware is not as simple as installing an anti-virus program, says Riaan Otto, GM of 10Net ICT Solutions, the local distributor of Marshal solutions.

The nature of viruses has changed and with that the potential harm they inflict on the infected systems and their owners.

The first recorded virus found in the wild was the BRAIN virus that originated in Pakistan in 1986.

But viruses originated long before that. In 1972 Dan Edwards was a member of the US National Security Agency (NSA) and coined the term Trojan horse for a macro utility that violated security.

In 1973 and 1974 researchers at the Naval research laboratories in the US used a Trojan horse to crack the EXEC VIII operating system of a UNIVAC 1108.

Between 1972 and 1975 US air force researchers used Trojan horses and trapdoors to gain confidential information from a MULTICS system.

The speed of the Internet today means that viruses now spread faster than ever before. The Code Red virus ensured that the NIMDA virus had a back door through which to enter a victim`s system. They modified Web files and certain executable files only on Windows systems. They attacked unpatched Microsoft IIS servers and defaced Web pages, often leaving text that read: "Welcome to http://www.worm.com! Hacked by Chinese!"

The damage caused by NIMDA and Code Red was a pain for system administrators and caused quite significant damage as well as financial losses.

NIMDA and Code Red are typical of older viruses developed by computer boffins and spotty teenagers. Today a quick search will reveal a plethora of Web sites that explain how to write a virus.

But the modern virus is typically a hacker tool that allows a nefarious programmer to take control of a computer system and blackmail the owner. Organised crime has moved into the cyber neighbourhood.

Because of this trend, viruses have changed from deleting files and defacing Web sites to capturing keystrokes, for example, and leaving backdoors open to hackers. They are quieter and not so easily noticed because they have little impact on the infected system until activated. Typically they gather information and feed it back to a handler who uses it for nefarious purposes. Information gathered ranges from passwords and login details to credit card numbers.

E-mail addresses are culled, thrown into databases and sold on the cyber underground to the highest bidder. Spam is alive and well and spammers still make sales.

Possibly the worst possible type of infection is from a Bot that joins infected systems to a Botnet. Wikipedia defines Botnet as: "... jargon term for a collection of software robots, or bots, which run autonomously. A botnet`s originator can control the group remotely, usually through a means such as IRC, and usually for nefarious purposes." That nefarious purpose may be to sell the Botnet off to the highest bidder who can then install any form of code on the network of infected machines, from spyware to malware.

Phishing is an older yet equally effective method of cracking. Wikipedia defines it as: "... the act of tricking someone into giving them confidential information or tricking them into doing something that they normally wouldn`t do or shouldn`t do online. Internet scammers are using e-mail bait to fish for passwords and financial data from the sea of Internet users. The term has evolved over the years to include not only obtaining user account details but access to all personal and financial data."

A recent example in South Africa was Absa. According to a story on IOL.co.za, "How Absa hacker targeted clients` home PCs", a hacker who stole R530 000 did so when he e-mailed legitimate Absa clients a Trojan horse that fed bank account details and PIN numbers back to the hacker. With that information it was possible for the hacker to make it look as if the bank account-holders were withdrawing the cash themselves.

Another method of achieving this is to direct legitimate users to a false Web site that asks them to enter their account and PIN details.

Layered security is required to defeat the modern hacker. Gateway security, reactive anti-virus software and a firewall are essential tools in combating viruses and hackers today. Gateway-based content filtering is essential to reduce spam, virus propagation and improve general e-mail security. Inter-office e-mail virus scanning and filtering is essential on pervasive Microsoft Exchange servers and Web browsing protection and policy enforcement to manage responsible Web use while protecting users from viruses and downloading non-business material is also vital.

The future will see anti-virus software and systems that use artificial intelligence to learn and adapt as they work, but they are in the early research phases. So for now, the onus is on management to apply every possible technique and tool to prevent infection.