Main Page | Bracing for Cyberwar | Hacking Primer | Scenes from the 'Hacker Underground' | Hacking: Two Viewpoints | Timeline | Gallery | News Archive | Discussion | Related Sites

From...

December 30, 1999
Web posted at: 11:47 a.m. EST (1647 GMT)

by Brian Fonseca

(IDG) -- Having passed through Christmas unscathed by any major virus activity, virus protection software vendors are still be watchful of viruses or other attacks against computers that the first few days of 2000 may bring.

Sal Viveros, director of McAfee Total Virus Defense at Network Associates Inc. (NAI), said that the company received a few calls from customers around the Christmas holiday who were infected with the Win32.Kriz worm. If activated, Kriz, a worm whose destructive payload was set to trigger on Dec. 25, could delete a PC's CMOS memory, damage its FLASH memory, and overwrite all network drive files.

Bracing for Cyberwar Hacking Primer Hacking: Two Views Timeline Gallery Discussion TIME: Counterhacking 101 Related Sites

Viveros dubbed the contained Kriz infections "pretty minor" and said that overall, Christmas viruses, particularly greeting-card executables, were not thrust into widespread circulation this season because many people opted to send secure holiday URL's to friends and family instead.

NAI and other security vendors are now turning their attention and manpower toward an event for which planning has gone on for months: year-2000 and related hacking threats.

NAI researchers are proactively searching out any outbreaks, monitoring Usenet groups and virus writer and hacker Web sites to keep on top of the very latest strike that could occur worldwide, Viveros said.

"We're going to be monitoring this in real time. [By the time New Zealand rolls over to 2000] we still have 13 hours to prepare for the West Coast, so we can get updates and upgrades in Europe and the East Coast, and still have time to react to it," Viveros said. "We're going to be following the sun with this."

	ALSO
Powers that be ready in Albuquerque Shutting down old disks for Y2K could do more harm than good Anti-virus vendors on alert for new year Small businesses not forgotten in Y2K FAA installing last-minute Y2K patch

Some companies have chosen to completely shut down their systems or Web sites altogether during year-2000 for protection, or they have changed the settings on their servers to block or turn back e-mail far longer than it normally might. This would bide time until the server can be checked by a systems or security manager for oddities the following week.

Taking down a server or Web site may work in the short term, but vulnerabilities in the security system will just be exposed once they are turned on again, if they have been attacked or breached, said Jimmy Alderson, director of Network Monitoring at the Meta Security Group, in Atlanta.

"The funny thing is, whatever holes they have in their Web site will still be there when they bring it back online," Alderson said. Some United States Air Force bases, as well as alladvantage.com- which pays people to have ads appear on their web browser while online - are examples of groups that have announced they will shut down their Web sites during the coming weekend, Alderson said.

Vincent Weafer, director of Symantec's Anti-Virus Research Center, said virus submissions to Symantec have gone from 8,000 a month in early 1999 to averaging 23,000 a month in December. He predicted that the majority of hacks or viruses directed toward systems will be discovered starting the week of Jan. 3 when most people go back to work and students return to school.

MORE COMPUTING INTELLIGENCE

IDG.net home page

InfoWorld home page

Y2K advice for the last days

Gartner: No new year's calamities

E-BusinessWorld

Reviews & in-depth info at IDG.net

Y2K: A never-ending story

Year 2000 World

Questions about computers? Let IDG.net's editors help you

Subscribe to IDG.net's free daily newsletter for IT leaders

Search IDG.net in 12 languages

News Radio

Fusion audio primers

Computerworld Minute

Because of the massive planning by most anti-virus security vendors to shield themselves, as well as their efforts to have customers upgrade to the latest virus- scanning and protection software, Weafer said he believed that a large threat this weekend was unlikely. ISPs also will be watching out for problems.

He did caution users to watch out for hoaxes being prevalent during the coming days. Weafer said one hoax to which Symantec has been alerted is geared toward America Online users. The e-mail warns the person who receives the message that if they do not pass their account information to the e-mail sender and forward the message to ten other AOL users, their account and e-mail service will be deleted.

"It's designed to get people's anxieties up," said Weafer. "Hoaxes spread very rapidly, using psychology to spread the information from computer to computer. It clogs up e-mail servers and e-mail boxes. [Users] are never quite sure what's secure what's not secure."

Weaver said that home users, small offices, and people who do not have ISP technicians on the lookout for possible attacks may be the most vulnerable with regard to security through the next few weeks.

Graham Cluely, senior technology consultant at Sophos, an anti-virus software company, in Wakefield, Mass., offered some helpful last-minute tips to help users get ready for the year 2000.

- Stop using the Word DOC format; instead, save documents in pure RTF because the format does not support macro language viruses but still supports DOC formatting.

- Change your CMOS boot-up sequence so that rather than booting from Drive A: if you leave a floppy in your machine, you boot from Drive C: instead. This should stop all boot-sector viruses.

- Do not run or open unsolicited executables, documents, spreadsheets, etc. Virus-scan anything that runs in the company.

- Keep anti-virus software up to date, and monitor your anti-virus vendor's Web site for information and updates on any new viruses that are discovered.

Narender Mangalam, director of security at Computer Associates International, said that it is imperative that users separate the hype about year-2000 from the security procedures that must be followed.

"Viruses have caused a lot of damage in the past. Knowing that it's important to be alert, while at the same time not panicking, is key," Mangalam said. "I hope [the hype] won't tune people out in the new year. It's tougher to get people ready when they're not paying attention."