Internet Attacks


If you require assistance with installing, configuring, or troubleshooting a Symantec product, or if you have a question for Customer Service, then visit the Symantec Service & Support Web site at the following Internet address: http://www.symantec.com/techsupp/
Select your product and version, and then click Go. To view this and prior News Bulletins in HTML format, visit the following Internet address: http://www.symantec.com/techsupp/vURL.cgi/navarc

_____________________________

1. The plan of attack

Every day, people are searching the Internet for vulnerable computers. Once a target computer is identified, the computer is compromised, and the attacker quietly moves on in search of another target.
The first phase of the attack is to scan the Internet for computers. Every computer connected to the Internet has an IP (Internet Protocol) address. Malicious hackers use tools to scan either random IP addresses, or blocks of addresses. Because of this, you do not need to be well known or in a high-traffic region to be selected as the target of attacks. Your home computer, connected to the Internet for the very first time, is just as likely to be randomly probed as that of a high-powered Wall Street executive.
The second phase of the attack is to determine whether the computer is vulnerable. Typically, a malicious hacker will search for only one specific security vulnerability at a time. If your computer displays the desired security hole, then your computer will be targeted for the attack. Otherwise, a malicious hacker will continue to search for another target.
The third phase of the attack is to compromise your computer. Remember, malicious hackers look for easy targets because so many computers exhibit security holes. Using safe computing practices will limit your chances of becoming a victim of a computer attack.
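
The scanning phase described above leaves a recognizable trace in firewall logs: one source address touching the same port on many different hosts within a short time. The Python sketch below is an added example, not part of the original newsletter; the log format, the thresholds, and the sample lines (RFC 5737 documentation addresses, port 139 for Windows file sharing) are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log: timestamp, source IP, destination IP, destination port.
# The format is an assumption; addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2001-01-15T03:12:01 198.51.100.7 203.0.113.10 139
2001-01-15T03:12:02 198.51.100.7 203.0.113.11 139
2001-01-15T03:12:03 198.51.100.7 203.0.113.12 139
2001-01-15T03:12:04 198.51.100.7 203.0.113.13 139
2001-01-15T03:12:05 198.51.100.7 203.0.113.14 139
2001-01-15T03:12:07 192.0.2.44 203.0.113.10 80
2001-01-15T03:12:30 192.0.2.44 203.0.113.10 80
2001-01-15T01:00:00 198.51.100.99 203.0.113.10 139
2001-01-15T02:00:00 198.51.100.99 203.0.113.11 139
2001-01-15T03:00:00 198.51.100.99 203.0.113.12 139
2001-01-15T04:00:00 198.51.100.99 203.0.113.13 139
2001-01-15T05:00:00 198.51.100.99 203.0.113.14 139
"""

def find_sweeps(lines, min_hosts=5, window=timedelta(seconds=60)):
    """Return (source, port, hosts) for sources probing one port on many hosts."""
    probes = defaultdict(list)
    for line in lines:
        if line.strip():
            ts, src, dst, port = line.split()
            probes[(src, int(port))].append((datetime.fromisoformat(ts), dst))
    findings = []
    for (src, port), events in probes.items():
        events.sort()
        start, best, in_window = 0, 0, defaultdict(int)
        for ts, dst in events:
            in_window[dst] += 1
            # Slide the window: forget probes older than `window`.
            while ts - events[start][0] > window:
                old = events[start][1]
                in_window[old] -= 1
                if not in_window[old]:
                    del in_window[old]
                start += 1
            best = max(best, len(in_window))
        if best >= min_hosts:
            findings.append((src, port, best))
    return sorted(findings)

if __name__ == "__main__":
    for src, port, hosts in find_sweeps(SAMPLE_LOG.splitlines()):
        print(f"{src} probed port {port} on {hosts} hosts within the window")
```

With the default one-minute window only the fast sweep is reported; widening the window (for example to several hours) also surfaces the slow scanner that spaces its probes an hour apart.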

___________________________

2. Internet worms

One Internet worm with an interesting origin is W32.HLLW.Bymer. It spreads by randomly searching IP addresses for Windows computers with shared network drives.
This story begins with a company called Distributed.net, which uses distributed processing to solve complex mathematical and scientific problems. Distributed.net provides a program named Dnetc.exe to install on your computer. Once installed, Dnetc.exe directs your computer's unused processing power to solve these problems. As an incentive, Distributed.net offers monetary prizes to those who solve the problems. By directing more computing power towards solving a problem, you have a better chance of winning the cash prize.
The W32.HLLW.Bymer worm was designed to infect your computer and direct your unused processing power to Distributed.net. When the infected computer contacts Distributed.net, it credits the author of the worm for contributing the processing power. In this way, the author of the worm has in effect multiplied his processing power and increased his chance of winning the cash prize.
Once this was discovered, Distributed.net made changes to its data collection process, which nullified the credit to the worm's author.
For more information about Distributed.net and distributed processing, visit the following Internet address: http://distributed.net/
An excellent source of information about worms using Dnetc.exe can be found at the following Distributed.net Web site: http://distributed.net/trojans.html.en

___________________________

3. Script-based attacks

Internet worms that use the Windows Scripting Host are now the fastest-spreading type of malicious code. Recent worms have been known to exploit a security hole in Microsoft Outlook and Outlook Express email programs. These worms have been known to spread by emailing themselves to everyone in your email address book.
Using this tactic, worms have been able to spread around the world in a few short hours. For example, if you have 50 entries in your address book, and one of those entries is a list of everyone at your workplace, then you may unintentionally send off hundreds of extra and unexpected email messages that day. Coworkers who receive the email may also send their share of extra email. The end result will clog or even shut down mail servers and slow the entire Internet to a crawl.
Examples of these worms include VBS.LoveLetter, W97M.Melissa.A, and Wscript.KakWorm. The Symantec AntiVirus Research Center (SARC) provides complete information about these worms and other malicious threats at the following Internet address: http://www.sarc.com
For detailed information about script-based threats, visit the following Internet address: http://www.symantec.com/techsupp/vURL.cgi/nav92

_____________________________

4. What makes your computer a target

"By the end of last year, there were more than 200 million PCs connected to the Internet. Ninety percent of these are Windows machines running the same applications, such as Word, Microsoft Exchange, and Excel. For the first time, we have a computing monoculture. Monocultures in the natural world are extremely vulnerable to pests, such as viruses." -- Carey Nachenberg, Chief Researcher at the Symantec AntiVirus Research Center

Many Internet-based attacks are targeted toward Windows 95/98 computers. This is not because of any inherent design flaw in these operating systems, but rather because there is a growing number of these computers, and newer users of these operating systems tend to be less security-minded. Allowing unrestricted file sharing or Windows scripts to be run makes your computer vulnerable to such attacks.
Many computers have permanent connections to the Internet. Because of this, these computers may have an unchanging (or static) IP address. If a malicious hacker discovers that your computer has a security hole, for example in Microsoft Outlook, then your IP address can be logged into a database. If another security hole is discovered in Outlook, then the malicious hacker can again attempt to compromise your computer, bypassing the need to scan the Internet for new targets. Malicious hackers may also trade these databases with one another, again bypassing the need to scan the Internet for targets.

_____________________________

5. How to recover

Today's Internet-based threats often damage critical computer files that can be difficult to repair or replace. Norton AntiVirus may not always be able to replace your computer's damaged Windows or program files. Because of this, you should prepare a toolkit to facilitate your recovery from a virus-related incident. 
For more information on developing your recovery toolkit, please review the December 2000 Norton AntiVirus newsletter located at the following Internet address: http://www.symantec.com/techsupp/vURL.cgi/nav93

_______________________________

6. How to improve security

Some viruses spread across a network by using unrestricted shared files. Windows File Sharing grants the user of another computer the rights to read, write, copy, and move data to and from your computer. You may grant some or all of these rights. You may also require a password before these rights are granted. File sharing can be an important way to distribute information to your friends and coworkers. However, password protecting your shared files is a safe practice that you should adopt.
For instructions on how to password protect your shared files and folders, visit the following Internet address: http://www.symantec.com/techsupp/vURL.cgi/nav94
Other viruses rely upon the Windows Scripting Host to spread to your computer. While using the Windows Scripting Host, your computer will automatically run scripts it encounters. Virus writers now embed viruses in a script, which will run, for example, when you open an email. With the Windows Scripting Host enabled, the virus will infect your computer as soon as you open the email. To make matters worse, these are typically the types of viruses, or worms, that email themselves to people in your address book. As you can see, these worms have the potential to spread very quickly, and have been known to overload email servers.
For instructions on how to disable the Windows Scripting Host, visit the following Internet address: http://www.symantec.com/techsupp/vURL.cgi/nav95 
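
Besides disabling the Windows Scripting Host on each computer, mail can be screened for script content before it reaches an inbox. The Python sketch below is an added example, not part of the original newsletter and not how Norton AntiVirus email scanning works; the extension list, the function name, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Extensions run by the Windows Scripting Host (list assumed for this example).
WSH_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}
SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)

# Constructed sample messages; the script bodies are inert placeholders.
ATTACHMENT_MSG = """\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached notes.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="NOTES.TXT.vbs"

' placeholder
--b1--
"""
HTML_MSG = """\
MIME-Version: 1.0
Content-Type: text/html

<html><body>Hi<script language="VBScript">' placeholder</script></body></html>
"""

def script_risks(raw_message):
    """Return the reasons a message could run script when it is opened."""
    reasons = []
    for part in message_from_string(raw_message).walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        # Only the last extension counts, so "NOTES.TXT.vbs" is a script.
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in WSH_EXTENSIONS:
            reasons.append(f"script attachment: {name}")
        elif part.get_content_type() == "text/html":
            body = part.get_payload(decode=True).decode("latin-1")
            if SCRIPT_TAG.search(body):
                reasons.append("script embedded in HTML body")
    return reasons

if __name__ == "__main__":
    print(script_risks(ATTACHMENT_MSG), script_risks(HTML_MSG))
```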
Norton AntiVirus (NAV) has many layers of virus protection, including email scanning and Auto-Protect. In a recent survey of customers experiencing problems with the Wscript.KakWorm, it was noted that 89% of these users did not have email scanning activated, and 21% of users did not have Auto-Protect activated.
In order for Norton AntiVirus to protect your computer, it is important for all components of NAV to be configured for optimal protection. 
For instructions on how to maximize your virus protection, visit the following Internet address: http://www.symantec.com/techsupp/vURL.cgi/nav96
