January 2003
Today is an era of Information Technology. As a result of the technology
advances of the past decade, we are enjoying many benefits today. Means of
communication have improved a lot over the past few years, and a major
communication medium nowadays is the Internet. Considering the Internet one
of the major breakthroughs of the past century as well as of the last decade,
we can say it is a very useful medium of communication. It has literally
brought people together and made the world look like a small village. Sitting
at home in Saudi Arabia, we now find it very easy to have a voice chat with
family members and friends all over the world at a very nominal cost. Kids
are taking the most benefit from it, as most parents of today find it
difficult to be at ease with computers, and especially with Internet use. But
did we ever realize how much risk we are putting ourselves and our privacy in
while using the Internet and all its benefits? Maybe not, or maybe we realize
it only when our computer suddenly goes down, mostly due to a virus, and now
we are stuck. "No program is running, no Internet, no voice chat. Oh GOD,
what to do? Let's take it to a computer shop." You go to a computer shop. The
technician will charge you a good amount of money, format your hard disk and
reinstall the operating system. In most cases he will not care whether you
have important files on your system, and even if you insist, he will tell you
that the virus corrupted all of your data, so it is not possible to recover
those files. And there you go: you are bound to lose your important files
because of the virus as well as the incompetence of the technician. You bring
the computer back home, use it for a while, and the same thing happens again.
Here we go again: go to the technician, get the system formatted, lose all
data and start again, until the next time it happens.
The purpose of this article is to help you avoid this trouble and to let
people know about the latest security threats and how we can save ourselves
from them. So let's start. Whenever we are on the Internet, we are part of a
big network, i.e. our ISP's network, which is connected to other ISP
networks, which are connected to other countries' networks and more networks.
That's why it is called the Internet (internetworking), i.e. a network of
networks. At any one time in Saudi Arabia, there may be thousands of
computers which can see you online. Just as not all people in this world are
good, the same is true of the Internet. Not everyone using the Internet is a
good guy; bad guys are there as well. Most of them are teenagers who consider
it fun to break into other people's systems and steal their data, plant a
Trojan and, in the worst cases, destroy their data as well. Let's see how
they do it.
Let's assume I am a hacker and you are a legitimate user who uses Internet
email to keep in touch with family, and MSN Messenger or Yahoo Messenger to
have voice chat sessions with family and friends. Since you are not aware of
security threats, you are not using any antivirus software or personal
firewall. Maybe the vendor who sold you the computer installed Norton
Antivirus for free, but it is not updated and you don't even know how to
update it, so it is practically useless in this scenario. Now you get an
email with the subject "love" or "Important". You don't know the sender, but
you see the subject and say maybe it is a friend using some other email ID.
You open the mail; it has an attachment; you double-click on it, and there
you go. Suddenly your system becomes very slow and sort of hangs. You don't
know what to do; you wait for a while, then you reboot the system. After
rebooting, it seems OK. You use it, but you don't know that you have been
infected by a virus. You will say, "Hold on, Subhani, my computer is working
fine. How can you say I am infected? Everything seems OK." Before proceeding
further, let's see what a virus is and what its different forms are, and then
I will explain what actually happened to your computer.
What is a Virus?
A computer virus is a program – a piece of executable code – that has the
unique ability to replicate. Like biological viruses, computer viruses can
spread quickly and are often difficult to eradicate. They can attach
themselves to just about any type of file and are spread as files that are
copied and sent from individual to individual.
In addition to replication, some computer viruses share another commonality:
a damage routine that delivers the virus payload. While payloads may only
display messages or images, they can also destroy files, reformat your hard
drive, or cause other damage. If the virus does not contain a damage
routine, it can cause trouble by consuming storage space and memory, and
degrading the overall performance of your computer.
Several years ago most viruses spread primarily via floppy disk, but the
Internet has introduced new virus distribution mechanisms. With email now
used as an essential business communication tool, viruses are spreading
faster than ever. Viruses attached to email messages can infect an entire
enterprise in a matter of minutes, costing companies millions of Riyals
annually in lost productivity and clean-up expenses.
Viruses won't go away anytime soon. More than 60,000 have been identified
and 400 new ones are created every month, according to the International
Computer Security Association (ICSA). With numbers like this, it's safe to
say that most organizations will regularly encounter virus outbreaks. No one
who uses computers is immune to viruses.
Another form of virus is the Trojan, which is as dangerous as having a
servant or an enemy hiding in your house who opens the gate at night for
thieves to come in and rob you.
What is a Trojan?
A Trojan is malware (a program designed for malicious use) that
performs unexpected or unauthorized, often malicious, actions. Trojans cause
damage, unexpected system behavior, and compromise the security of systems.
A Trojan, coined from Greek mythology's Trojan horse, typically comes in
good packaging like some picture, screen saver or some small application
which runs some joke on your screen but has some hidden malicious intent
within its code. When a Trojan is executed users will likely experience
unwanted system problems in operation, and sometimes loss of valuable data.
So what happened above may be that what you got was a virus as well as a
Trojan. First it started sending emails to all of the people in your address
book, so that they would receive this virus in your name. That's why the
system hung. When you rebooted, it put itself in the registry and became a
part of your system. Now it will be launched every time you start your
system. Once you are connected to the Internet, it will detect Internet
activity and send an email to an unknown hacker (the one who sent this virus)
with your IP address and the open port on which the hacker can contact it.
Now the hacker has your information. If he wants to tease you now, he can do
it. Using this Trojan, he can delete your system files, disable your mouse,
flip your screen, crack your passwords, steal your files and what not. By the
time you realize it, it is mostly too late. A very common and old Trojan
which is still widely used is Sub Seven. Using Sub Seven, I can even record
the sounds at the other end, flip my victim's screen, delete his files,
change his screen resolution, shut down his computer completely; in short,
almost everything you can think of. And remember, Sub Seven is a very old
Trojan horse, but it still works today because most of us do not bother to
use any antivirus software.
In the past, viruses and Trojans were treated separately, but as technology
grew, so did the knowledge of hackers. Now they are making viruses which are
Trojans and worms as well. A worm is like a virus, but it has the ability to
replicate itself via network shares. So it is not only at home; sometimes you
are not safe even at your workplace. Suppose one of your colleagues is
infected with a virus and there is no antivirus software in your
organization, and you have shared some of your directories with other
colleagues, maybe some games or some files of common use like price sheets.
Using those shares, the virus will penetrate your system as well, and you may
lose a lot of data because of that. So after hearing all this, you will
definitely look up and say, "You are right. I had these problems in the past
and I suffered a lot because of them. So please tell me what I can do to feel
safe while using the Internet." Yes, let's see what we can do now. We can be
safe on the Internet if we do the following things.
a) Install an Antivirus Software
The first thing we should do is install antivirus software on our home
computer. There are many antivirus products on the market. You can use any of
them, but the most popular are:
McAfee VirusScan 7.0 (http://www.mcafee.com)
Norton Antivirus 2003 (http://www.norton.com), which will lead to
http://www.symantec.com/nav/nav_9xnt/
PC-cillin 2003 by Trend Micro (http://www.pc-cillin.com)
You may find free antivirus software on the pirated software CDs available in
the market, but I do not suggest you buy those. Most of these CDs are
themselves infected with viruses. Most of you will remember that the CIH
virus, a.k.a. Chernobyl, spread through the Windows installer CDs available
in the market at that time, and almost every PC which used those Windows
installers got infected.
Another important thing is that installing antivirus software is not enough.
It should be able to recognize all the latest virus threats. The antivirus
vendors work hard to come up with the latest virus definitions to detect
them, so people who use their antivirus software should keep themselves
updated with the latest virus definitions. It doesn't seem fair not to pay
them the nominal price they ask in return for all their hard work. An
antivirus CD can be purchased for 100 to 200 Saudi Riyals, which is not a big
amount if we compare it with all the losses we suffer when our computer is
down, especially if we regularly talk with our friends and family via voice
chat. If, instead of voice chat, we had to make phone calls for one week, I
am sure we would spend more than 200 riyals.
b) Use a Personal Firewall
By using antivirus software, we have closed one major security hole in our
computer. Yet we have to be careful about another, i.e. script kiddies. Who
is a script kiddie? Since nowadays a lot of hacking tools are available over
the Internet for educational and commercial purposes, a new generation of
hackers has emerged who do it just for fun. They are not very good at the
operating system level, so instead of doing sophisticated hacking they go for
the easy option, i.e. destruction of the victim's computer. Mafia boy was one
of them. At the age of 13, he was able to get into more than 13 Govt. sites
in the US. Let's see how it works.
First of all, a hacker scans the Internet for all the people who are online.
This can be done easily using scanning software which is readily available on
the Internet. A common one is R3x. You can also find GFI LanGuard Scanner.
These scanners are used for security purposes as well as for malicious ones.
Due to Microsoft NetBIOS, all the machines on the Internet announce their
presence using ports 135-139. If you are not using a firewall, your machine
will easily be detected by the hacker. Once he knows about your machine, he
will try to access it with other tools. If he is a good programmer, he may
use his own software, or he can use other hacking tools to gain access to
your hard disk. He may exploit some of the software bugs in Outlook Express,
Internet Explorer or AOL Messenger. All these products have known security
holes, and between the discovery of a security hole and its remedy there is
always a window of opportunity for hackers, who never let it slip through
their hands. But if there are Black Hat hackers, there are White Hat security
experts too, who always try to trace the hackers back and minimize the damage
they cause to our society. To save yourself from a hacker, I suggest you use
a personal firewall. In the past, antivirus and personal firewall were two
different things, but today antivirus vendors have combined the two in one
package. Now you can find antivirus as well as firewall in one product. The
products are again the same:
McAfee VirusScan Enterprise 7.0
Norton Antivirus 2003
PC-cillin 2003
ZoneAlarm (personal firewall only). It can be downloaded from
http://www.zonelabs.com and is a MUST USE product.
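
To check your own machine for the exposure described above, you can save the output of `netstat -an` and look for sockets open on ports 135-139 on anything other than the loopback address. The script below is an added example, not part of the original article; the sample netstat output is constructed and the function names are hypothetical.

```python
import ipaddress

EXPOSED_PORTS = range(135, 140)  # 135-139, the ports named in the article

# Constructed sample of Windows `netstat -an` output (addresses are made up).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:139          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       192.168.1.20:1045      ESTABLISHED
  TCP    192.168.1.10:1080      203.0.113.5:80         ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""

def is_loopback(host):
    """True for 127.0.0.0/8 and ::1, which other machines cannot reach."""
    try:
        return ipaddress.ip_address(host.split("%")[0]).is_loopback
    except ValueError:
        return False

def exposed_listeners(netstat_text):
    """Return sorted (proto, address, port) for sockets open on ports 135-139."""
    findings = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        # TCP rows end with a state; only LISTENING ones accept new connections.
        if fields[0] == "TCP" and fields[-1] != "LISTENING":
            continue
        host, _, port = fields[1].rpartition(":")
        host = host.strip("[]")  # IPv6 addresses are printed as [addr]:port
        if port.isdigit() and int(port) in EXPOSED_PORTS and not is_loopback(host):
            findings.add((fields[0], host, int(port)))
    return sorted(findings)

if __name__ == "__main__":
    for proto, host, port in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{proto} port {port} is open on {host}: block it at the firewall")
```

An empty result after the personal firewall is installed does not prove the ports are filtered, since netstat shows local sockets only; it tells you which services the firewall has to cover.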
How to get back to normal if you are infected with a Virus
Whenever you suspect that you are infected with a virus, you can do the
following.
a) First of all, note the virus symptoms on your machine. Sometimes they are
clear enough to tell you the virus name. If you do not have a virus scanner
but you can access the Internet on your machine, you can go to any antivirus
vendor's site and get your hard disk scanned. It will tell you the virus
name. The most commonly used sites include:
http://housecall.antivirus.com
http://www.mcafee.com/myapps/mfs/default.asp
b) Once you have the virus name or symptoms, you can search for it on any of
the following sites.
http://www.antivirus.com/vinfo
http://vil.nai.com
http://www.symantec.com/avcenter
c) All these sites will give you details about the virus and the procedure to
undo its changes manually. Antivirus software is not able to undo registry
changes made by a virus. Either we have to use special tools developed by the
antivirus vendor or do it manually. But mostly it is merely a 5 to 10 minute
job to bring a system back to normal, rather than formatting the system and
wasting hours reinstalling the operating system and all the drivers and other
programs.
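
The article says a Trojan "put itself in registry" so that it starts with the system, and that those registry changes have to be undone by hand. One way to see what changed is to save the startup entries while the machine is clean and compare them later. The script below is an added example, not part of the original article: it compares two saved outputs of `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run`; the program names in the sample data are constructed and the function names are hypothetical.

```python
import re

# A value line of `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

# Constructed samples: saved output from a clean machine and from a later check.
BASELINE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Antivirus Tray    REG_SZ    C:\Program Files\ExampleAV\tray.exe
    SoundMixer    REG_SZ    C:\WINDOWS\mixer.exe
"""
CURRENT = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Antivirus Tray    REG_SZ    C:\Program Files\ExampleAV\tray.exe
    SoundMixer    REG_SZ    C:\WINDOWS\TEMP\mixer.exe
    WinUpdate32    REG_SZ    C:\WINDOWS\SYSTEM\wupd32.exe /startup
"""

def parse_reg_query(text):
    """Return {(key, value_name): data}; names are lowercased for comparison."""
    entries, key = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip().lower()  # registry key names are case-insensitive
            continue
        match = VALUE_LINE.match(line)
        if match and key:
            name, _reg_type, data = match.groups()
            entries[(key, name.lower())] = data.strip()
    return entries

def diff_autoruns(baseline_text, current_text):
    """Return (added, changed, removed) startup entries since the baseline."""
    before = parse_reg_query(baseline_text)
    after = parse_reg_query(current_text)
    added = {k: after[k] for k in after.keys() - before.keys()}
    removed = {k: before[k] for k in before.keys() - after.keys()}
    changed = {k: (before[k], after[k]) for k in before.keys() & after.keys()
               if before[k].lower() != after[k].lower()}
    return added, changed, removed

if __name__ == "__main__":
    added, changed, removed = diff_autoruns(BASELINE, CURRENT)
    for (key, name), data in sorted(added.items()):
        print(f"NEW      {name}: {data}")
    for (key, name), (old, new) in sorted(changed.items()):
        print(f"CHANGED  {name}: {old} -> {new}")
    for (key, name), data in sorted(removed.items()):
        print(f"REMOVED  {name}: {data}")
```

New or changed entries are the ones to look up on the vendor sites listed in step b) before deleting anything.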
I am sure you now have a better idea of the security threats than when you
started this article. We should not forget that security is a process, not a
product. By doing all the steps mentioned above, we can increase our
security, rather than having no security at all.
You can always email me at shahzad_subhani@yahoo.com if you need some
assistance in this regard.