Is It Safe?

Bugs: With deceptively pleasant subject lines, these renegade programs cause file deletions and leave your computer open to further invasions - but there's hope.

October 01, 2001|By Kevin Washington | Kevin Washington,SUN STAFF

This summer, the words, "Hi! How Are You?" were cause for alarm if you owned a PC.

A little over a year after the Internet's most catastrophic computer virus struck in the form of a love note e-mailed around the globe, the world's computers have been battered again by a series of bugs with equally friendly subject lines.

The latest bugs, whose mischief ranges from erasing files from your hard drive to providing strangers with access to your computer, represent unprecedented levels of sophistication in what they do and how they attack, according to those who follow virus trends.

Often, we have only ourselves to blame.

"Too many people don't have the proper anti-virus protection, haven't updated it or don't know what they have," said Andy Faris, president of the Americas for British-based MessageLabs. "The old traditional viruses were nuisance viruses. They clogged up networks and caused other problems. Today, in the past three months, we've seen a real malicious new breed of virus with serious payloads."

Those worms and viruses cost businesses and individual users around the world billions of dollars in downtime, repair efforts and lost productivity. Computer Economics, a research firm in Carlsbad, Calif., estimates the bill at $17 billion last year and, as of last week, nearly $12 billion this year.

This Summer of Sam for computers has been particularly brutal.

Sircam, often sporting the "Hi! ... " subject line, showed up in July as an e-mail attachment, which when opened, sent users' personal documents randomly to people on their e-mail address lists. Next up was Code Red, followed by its brother, Code Red II, which began surfing the Net looking for Windows NT and Win 2000 machines with specific vulnerabilities. Their traffic interrupted corporate computer networks.

PC users running Windows 95, 98 and ME thought they were safe until W32.Nimda.A@mm came along nearly two weeks ago, invading computers through a variety of breaches, making itself at home and giving access to intruders.

And just last week, a nasty number called "Vote Virus" took advantage of America's obsession with the terrorist attacks on the World Trade Center and Pentagon. It arrived in e-mail boxes with the subject line, "Peace between America and Islam."

Those who tried to vote for peace by clicking on its attachment unleashed a virus that erased files and overwrote Web pages.

Sharon Ruckman, senior director at San Francisco-based Symantec Security Response, calls the latest intruders, such as Nimda, "integrated security threats."

"They're more than just a virus or worm. They take different ways of attack and put them together," she said.

Nimda (which is "admin" spelled backwards) can infect a PC as an e-mail attachment, actively replicate itself to surf the Internet looking for specific Web servers, move from one hard drive to the next on shared networks, and even find its way into unprotected computers whose owners visit boobytrapped Web pages.

Those infected with the Nimda or the second Code Red virus also had "back doors" drilled into their systems, giving hackers the potential ability to take control of their computers.

If you think you escaped the direct effects of the past few outbreaks because none of your files was infected, think again, virus watchers say. When worms, which are viruses with the ability to propagate, start mailing themselves all over cyberspace, they slow the Internet.

"The slowdown is no different than what happens on a telephone network on Mother's Day" when callers try to reach family - en masse - said Lawrence Rogers, a senior member of the technical staff at CERT, Carnigie Mellon University's Software Engineering Institute. With so much Internet traffic generated by worms looking to infect new hosts, "things would be slow and appear slow."

You might not see the difference on a DSL or a cable modem, because of the high speeds at which they carry surfers to Web sites. But if you used a 56K modem within the first 24 hours that a worm strikes, you would notice, experts said.

Both America Online Inc., the largest ISP in the nation with 31 million subscribers, and Comcast Cable Communications, which provides high-speed cable Internet service, reported few problems with their networks. In part, their efforts have focused on getting people to save themselves from the headache of being attacked.

AOL spokesman Nicholas Graham said his company's response was to alert people to the danger immediately with a message on their "Welcome" screens and advice on how to protect themselves.

And while this summer's viruses were nasty, the computing world wasn't hit nearly as hard as it was when the Love Bug showed up in e-mail boxes in May 2000.

The "I Love You" virus caused more damage than any other PC viral infection in history. Computer Economics estimates its economic impact at $8.75 billion. The virus e-mailed itself using Micrsoft Outlook e-mail from computer address books and destroyed many users' picture and music files.

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.