CIS Storm Central
When a blizzard or hurricane warning is released, do you head to the store to stock up on bread and milk like so many others in case this is “the big one”? Knowing that bad storms are a real possibility here in New England, you undoubtedly keep close tabs on weather conditions so you can make that trip to the grocery store before the shelves are empty.
There are “virtual” threats that can be nearly as disruptive to your life. IT security industry experts, like meteorologists, monitor their own indicators for threatening conditions. In fact, the SANS Institute has established the Internet Storm Center ( http://isc.sans.org/ ), which provides a free analysis and warning service.
Such experts also make long-term forecasts and have said that 2006 could bring “bigger and better” threats from malware, botnets, viruses and worms, created by ever more clever and motivated cyber-criminals. [Please see the end of this article for a glossary of terms.] The staff of SearchSecurity.com offered their top predictions for 2006:
- Cyber-criminals will continue using viruses and worms as tools.
- Malware production pace will increase and quality will improve.
- Viruses and worms will become increasingly targeted.
- Malware will continue to target mobile devices such as phones and PDAs and embedded systems.
- Malware sources will increase – and the identities of the "perps" may be surprising.
- Coordinated attacks will reduce the distinctions between these types of threats.
- Authorities will continue to take more significant action against malware creators.
They also pointed to the trend from viruses to spyware, due not only to increased awareness and better defenses, but to the lure of big bucks, noting that spyware has become a billion-dollar industry.
True to predictions, the year started with the tempestuous threat called “WMF Zero Day”, which took advantage of a Windows flaw in the handling of Windows Metafile (WMF) image files and was transmitted via image files that could appear in email, instant messaging (IM), or web pages. Unlike most malware, with “WMF Zero Day” it was possible to become infected simply by viewing a picture or clicking on a link to a compromised or malicious web site, no matter what browser you were using, because the flaw lay in Windows itself rather than in any one browser. Affected computers could be recruited into botnets, placing them completely under the control of the attacker. According to the SANS Internet Storm Center, “So what do all of these exploits actually drop? The answer is: typical "bad guys" stuff. They are usually dropping various versions of SDBot and similar IRC trojans. This will enable them to herd zombie machines that they use in the future.”
CIS network and systems staff constantly monitor for such storms as the Microsoft “WMF Zero Day” vulnerability, which was first sighted at the end of 2005. Fortunately, no significant damage was reported on campus, and Microsoft released a patch for the vulnerability on January 5, available through Windows Update. As with any patch, it only protects machines on which it has actually been installed, so check that Windows Update is turned on and up to date.
How will you know if a malware storm is approaching? CIS will post any red alerts on its home page, www.brown.edu/cis . You can also find these and other security bulletins on the IT Security page, www.brown.edu/cis/itsecurity as well as the “Get Control” link that provides “bread and milk” ideas you can stock up on now.
In the event of a severe warning, look for Morning Mail or bulk email messages with specific instructions regarding what to do to protect yourself. And in the meantime, learn some of the lingo that's listed below. Unfortunately, you may be hearing a lot of it this year.
Glossary of terms:
Adware: Similar to spyware, but often just displays ads (pop-ups, changes ads on site, etc). Often installed with P2P (peer-to-peer) software.
Anti-virus software: A critical weapon that identifies known threats, usually by matching files against a list of signatures, and then blocks or removes them. It protects only against threats it already knows about, so it must be kept up to date and cannot be relied on alone against brand-new (“zero day”) attacks.
Backdoors: An undocumented way of gaining access to a program, online service or an entire computer system.
Botnet: A jargon term for a collection of software robots, or bots, which run autonomously. A botnet's originator can control the group remotely and usually for nefarious purposes. See http://en.wikipedia.org/wiki/Botnet for more details.
Exploit: Software that takes advantage of some vulnerability in other software. Usually used to gain unauthorized access to computer(s).
Firewall: A system designed to prevent unauthorized access to or from a computer or network of computers, protecting it against actions that could lead to its being compromised.
Keystroke logger: A program or device that, once installed, collects the keystrokes of the computer's user without their knowledge (such as user IDs and passwords). Keystroke loggers (or keyloggers, as they are also known) are often unknowingly downloaded as spyware.
Port: In the context of TCP/IP networking, a port is a number (0 to 65535) that, together with an IP address, identifies a particular service or connection on a computer, for example the program listening for incoming web requests or email. Firewalls work largely by deciding which ports may be reached from where.
Malware: Or “malicious software”, is any program or file that is harmful to a computer user. Malware includes spyware, adware, viruses, worms, Trojans, etc. See also http://en.wikipedia.org/wiki/Malware.
Patches: Updated software for your computer that fixes “bugs” or errors in the programs on your computer that could allow attackers to gain unauthorized access to your computer.
Spyware: Software, typically installed without user's knowledge, that collects data on the user's habits. Often exploits known vulnerabilities in MS products. Symptoms include hijacked browsers, pop-ups, computer slows down, etc. See also http://en.wikipedia.org/wiki/Spyware.
Trojan: Malware that disguises itself as a benign application. A Trojan Horse portrays itself as one thing when it is actually something else. Unlike a virus it does not replicate, but it can cause significant damage to the machine; most often it will compromise the machine, for example by installing a backdoor or making it part of a botnet.
Worm: Self-replicating malware that, unlike a virus, does not need to attach itself to another program: it uses the infected computer to copy itself to other machines across the network or through email, usually performing malicious actions along the way.
Virus: A program that is installed and run on your computer without your knowledge, typically for malicious purposes. Such a program or code can replicate itself by attaching to or infecting another program, boot sector, partition sector, or document, and spreads when that infected item is run or opened on another machine.
Vulnerability : A programming or design flaw in software that allows for a security exposure. A bug.
Sources for terminology:
Author: Pat Falcon
Date: February 9, 2006