
Fwd: US-CERT Cyber Security Alert SA04-079A -- Continuing Threats to Home Users

  • From Brian
    Message 1 of 1 , Mar 21, 2004
      This is rather long, but it is along the same line as earlier e-mails
      from others in the group. I have been getting a lot of Netsky viruses
      lately in attachments from people I don't even know. My Norton Antivirus
      is catching them. As luck would have it, I received this alert from CERT
      about this virus and others. I pass it on to you as it makes a great deal
      of sense and I don't want to see anyone I know infected with one of these
      viruses. It could slow their computer down as the virus tries to send
      messages out and/or compromise the security of their files. I hope you or
      someone you know will find this useful.

      Brian



      National Cyber Alert System

      Cyber Security Alert SA04-079A - Continuing Threats to Home Users

      Original release date: March 19, 2004
      Last revised: --
      Source: US-CERT

      Overview

      There are a number of pieces of malicious code spreading on the
      Internet through email attachments, peer-to-peer file sharing networks
      and known software vulnerabilities.

      Intruders target home users who have cable modem and DSL connections
      because many home users do not keep their machines up to date with
      security patches and workarounds, do not run current anti-virus
      software, and do not exercise caution when handling email attachments.
      Everyone should take precautions, patch vulnerabilities, and recover
      if they have been compromised.

      Current Threats

      US-CERT is currently tracking the incident activity related to several
      pieces of malicious code - Phatbot, W32/Beagle, W32/Netsky and
      W32/MyDoom.

      * Phatbot Trojan Horse

      The Phatbot Trojan Horse is a piece of malicious code that allows
      a remote attacker to control a large number of systems. Phatbot
      attempts to propagate by exploiting vulnerabilities in the
      Microsoft Windows operating system for which users have not
      applied the available patches. If your computer is infected a
      remote attacker will have access to your files and programs.

      * W32/Beagle Virus

      The W32/Beagle virus is a mass-mailing virus that arrives as an
      attachment to an email message. To be infected, a user must open
      the attachment. There are many variants of this virus. Some may
      require a password which is included in the email message.

      * W32/Netsky Virus

      The Netsky.B virus, described in IN-2004-02, is a mass-mailing
      virus that attempts to propagate either as an attachment to an
      email message or by copying itself to Windows network shares.

      * W32/MyDoom Virus

      The MyDoom virus, described in TA04-028A, is a mass-mailing virus
      that attempts to propagate as an attachment to an email message.

      Protective Measures

      There are steps you can take to better protect your system from these
      attacks:

      1. Apply Patches

      Many viruses spread by exploiting known vulnerabilities in
      unpatched systems. It is very important for users to apply
      security-related patches to their operating systems and
      applications.

      2. Install and Maintain Anti-Virus Software

      US-CERT strongly recommends using anti-virus software. Most
      current anti-virus software products detect and alert the user of
      viruses. It is important to keep them up to date with current
      virus and attack signatures supplied by the software vendor. Many
      anti-virus packages support automatic updates of virus
      definitions. We recommend using these automatic updates when
      available.

      3. Deploy a Firewall

      US-CERT also recommends using a firewall product. In some
      situations, these products may be able to alert users to the fact
      that their machine has been compromised. Furthermore, they have
      the ability to block intruders from accessing backdoors over the
      network. However, no firewall can detect or stop all attacks, so
      it is important to continue to follow safe computing practices.

      4. Follow Best Practices

      The technical measures listed above do not provide a complete
      solution for securing a system. There are some best practices you
      can follow:

      + Do not download, install, or run a program unless you know it
      was written by a person or company that you trust.

      + Email users should be wary of unexpected attachments. Be sure
      you know the source of an attachment before opening it. Also
      remember that it is not enough that the mail originated from
      an email address you recognize. Many viruses spread precisely
      because they originate from a familiar email address.

      + Users should also be wary of URLs in email or instant
      messages. URLs can link to malicious content that in some
      cases may be executed without user intervention. A common
      social engineering technique known as "phishing" uses
      misleading URLs to entice users to visit malicious web sites.
      These sites spoof legitimate web sites to solicit sensitive
      information such as passwords or account numbers.

      + In addition, users of Internet Relay Chat (IRC), Instant
      Messaging (IM), and file-sharing services should be
      particularly careful of following links or running software
      sent to them by other users. These are commonly used methods
      among intruders attempting to build networks of distributed
      denial-of-service (DDoS) agents.

      For additional information about securing home systems and
      networks, please see the references below.

      Recovery

      If the protective measures above, or other indicators, reveal that a
      system has already been compromised, more drastic steps need to be
      taken to recover. In general, the only way to ensure that a
      compromised computer is free from backdoors and intruder modifications
      is to re-install the operating system and install patches before
      connecting back to the network. Sometimes using an anti-virus software
      package to "clean" the system may not be enough.

      References

      * Cyber Security Alert SA04-079A
      <http://www.us-cert.gov/cas/alerts/SA04-079A.html>

      * Before You Connect a New Computer to the Internet
      <http://www.us-cert.gov/reading_room/before_you_plug_in.html>

      * Home Network Security
      <http://www.us-cert.gov/reading_room/home-network-security/>

      * Home Computer Security
      <http://www.us-cert.gov/reading_room/HomeComputerSecurity/>

      * Understanding Firewalls
      <http://www.us-cert.gov/cas/tips/ST04-004.html>

      * Good Security Habits
      <http://www.us-cert.gov/cas/tips/ST04-003.html>

      * Choosing and Protecting Passwords
      <http://www.us-cert.gov/cas/tips/ST04-002.html>
      _________________________________________________________________

      Author: Brian B. King, Damon Morda
      _________________________________________________________________

      Copyright 2004 Carnegie Mellon University.

      Revision History

      March 19, 2004: Initial release


      http://www.afhs.ab.ca
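The attachment and link warnings in the forwarded alert (executable attachments, archives whose password is given in the message body, and "misleading URLs" that spoof a familiar site) can be turned into a small mail-triage script. The code below is an added example written for this page; it is not part of Brian's message, of the US-CERT alert, or of any US-CERT tool, and it uses only the Python standard library. The sample message, its sender, the hosts example.org, www.mybank.example, update.example.net and 203.0.113.5, and both attachments are constructed for the example, and the list of risky extensions is an assumption based on what mass mailers of that period commonly used. The password-protected ZIP check matters because an anti-virus scanner can list the entries of an encrypted archive but cannot read their contents, which is why a worm that ships its payload that way also has to put the password in the e-mail text.

```python
"""Mail triage heuristics for the threats in SA04-079A: risky and
double-extension attachments, password-protected ZIPs, and misleading links.
Added example using only the standard library; all sample data is constructed."""
import io
import os
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Assumption: extensions the mass mailers of the period commonly used for
# their payloads (executables and the archives that wrap them).
RISKY_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".zip"}
DOUBLE_EXT_RE = re.compile(r"\.[a-z0-9]{2,4}\.(exe|scr|pif|com|bat|cmd|vbs|js)$")
LINK_RE = re.compile(r'<a\s+[^>]*href=["\']([^"\']+)["\'][^>]*>(.*?)</a>', re.I | re.S)


def zip_has_encrypted_entry(data: bytes) -> bool:
    """True if any entry sets general-purpose flag bit 0 (password-protected).
    Listing entries works without the password; reading their contents does
    not, which is why a scanner cannot see what is inside such an archive."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False


def link_host(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def misleading_links(html: str) -> list:
    """Flag anchors whose target uses the user@host trick or whose visible
    text names a different host than the href actually points to."""
    findings = []
    for href, text in LINK_RE.findall(html):
        text = re.sub(r"<[^>]+>", "", text).strip()
        looks_like_host = "." in text and " " not in text
        shown = link_host(text if "://" in text else "http://" + text) if looks_like_host else ""
        if "@" in urlparse(href).netloc:
            findings.append(("userinfo-in-url", href))
        elif shown and shown != link_host(href):
            findings.append(("text-host-mismatch", f"{shown} -> {link_host(href)}"))
    return findings


def triage_message(raw: bytes) -> list:
    """Walk every MIME part and return (finding, detail) pairs."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            lower = name.lower()
            if DOUBLE_EXT_RE.search(lower):
                findings.append(("double-extension", name))
            if os.path.splitext(lower)[1] in RISKY_EXTENSIONS:
                findings.append(("risky-attachment", name))
            if lower.endswith(".zip") and zip_has_encrypted_entry(part.get_payload(decode=True)):
                findings.append(("encrypted-zip", name))
        elif part.get_content_type() == "text/html":
            findings.extend(misleading_links(part.get_content()))
    return findings


def make_password_protected_zip_stub(name: str, payload: bytes) -> bytes:
    """Constructed sample: a stored ZIP whose headers advertise encryption.
    zipfile cannot write encrypted archives, so the flag is set by hand in the
    local header (offset 6) and the central directory entry (offset 8); the
    data is left as-is, which is enough to exercise the flag check above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, payload)
    data = bytearray(buf.getvalue())
    for signature, flag_offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        data[data.find(signature) + flag_offset] |= 0x01
    return bytes(data)


def build_sample_message() -> bytes:
    """Constructed lure in the style of the alert: familiar-looking sender,
    archive password in the body, misleading links and two hostile attachments."""
    msg = EmailMessage()
    msg["From"] = "Alice <alice@example.org>"
    msg["To"] = "bob@example.org"
    msg["Subject"] = "Re: your document"
    msg.set_content("Your document is attached. The archive password is 12345.")
    msg.add_alternative(
        "<p>Your document is attached. The archive password is 12345.</p>"
        '<p>Log in: <a href="http://www.mybank.example@203.0.113.5/login">www.mybank.example</a></p>'
        '<p>Patch: <a href="http://203.0.113.5/update">http://update.example.net</a></p>',
        subtype="html",
    )
    msg.add_attachment(b"MZ...", maintype="application", subtype="octet-stream",
                       filename="photo.jpg.scr")
    msg.add_attachment(make_password_protected_zip_stub("document.txt.exe", b"MZ..."),
                       maintype="application", subtype="zip", filename="document.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for kind, detail in triage_message(build_sample_message()):
        print(f"{kind:20} {detail}")
```

Run against the constructed message, the script reports the user@host link, the link whose visible text names a different host than its target, the double-extension screen saver, and the ZIP that is both a risky type and password-protected. The heuristics are deliberately simple; they are the kind of check a mail gateway or a user's own filter can apply before anti-virus signatures for a new variant exist, and they complement rather than replace the patching and anti-virus advice in the alert.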