Mariners Lodge #150 - 692 East Bay Ave., Barnegat, NJ 08005 (609) 698-7737
Introduction
You probably have important personal information stored on your computer. So it needs to be protected, especially if your computer can send or receive e-mails or access the Internet.
What stops a computer from being secure? Switching it on! Fortunately, just like protecting the contents of your home by locking the door, there are some simple things you can do to protect the contents of your computer. This guide tells you how you can protect your important and personal information by following eight sets of suggested actions.
For further information or advice we suggest you review the Security of IT (NZSIT) Publications issued by the GCSB. You can also search the Web for computer security tips or speak to your local computer supplier.
Please note: The information provided here is a guide only. It does not guarantee that by following the suggested actions your computer will be secure from compromise or attack. In many circumstances you will need to assess the specific threats, vulnerabilities and potential impact in order to determine the best countermeasures for the situation. This guide has been produced by the State Services Commission in consultation with the Government Communications Security Bureau.
Install a personal firewall
Whenever you're connected to the Internet you are at risk from hackers attempting to break into your computer. To add to the potential embarrassment, they might also use your computer to attack others. Installing a "personal firewall" makes this a lot less likely. A firewall is a software or hardware device that controls online access to and from a computer.
To protect yourself:
DISCONNECT from the Internet when you're not using it
Have personal firewall software installed and running on your computer. Good firewalls are available for free on the Internet; to find one, search for "personal firewall" with any search engine.
If the firewall you choose can, set it to block everything else except services and/or applications you'll be using to communicate over the Internet, for instance your Web browser and e-mail software.
Keep up to date with software patches for your computer's operating system, any Internet applications and the firewall software.
Protect your files
If other people have access to your computer, consider restricting access to the files you want to keep private.
To protect yourself:
Turn the computer off when you're not using it
Set up login accounts and file permissions, so only authorised users can access the system. Unix and Windows NT/2000 have these security functions built in. If you run Windows 95/98/Me, you can buy products to provide this protection. Configure the access restrictions on individual files or folders, so other users can only access the files you want them to.
If you do not need to allow people on other computers to share your directories and printers, ensure that those functions are disabled (e.g. Microsoft File Sharing and Printer Sharing).
For laptop computers, consider setting a BIOS password so only authorised users can start the computer.
If information privacy is imperative you should also consider using a file- or disk-encryption system on the sensitive files. Alternatively, you could retain the only copies of those files on removable media and store the media in a safe place.
Choose effective passwords
Passwords mean protection. So when you choose a password, don't pick one that other people could easily guess such as your name, your partner's name or the brand name of the monitor.
To protect yourself:
Select a password at least 8 characters long - a mixture of numbers and letters you can remember, but which has no meaning to anyone else. This is easier than it sounds. Just think of a phrase like "don't forget to lock up the car" and create an abbreviation from it, substituting numbers for some of the words or letters, such as "d4g2lutc".
DO NOT use the same password for different systems.
DO NOT write your passwords down or send them in e-mail messages.
You should change your password every 2-3 months.
If you don't like passwords or need a stronger authentication system, consider installing a biometric device (such as one based on your voice or fingerprint), or a physical token system such as smart card or proximity card authentication.
Surf the web safely
Java and ActiveX are programming languages that allow webpages to do all sorts of interactive and interesting things through small pieces of computer code known as 'applets'. Unfortunately, applets can also do damage on your computer if the creator of the webpage you are downloading has a nasty streak. For example, an applet could include code to delete your files, gather and pass back private information, or install a Trojan horse utility to set up a back door communications path into your computer.
To protect yourself:
The safest option is to set your computer to ignore Java and ActiveX programming languages. Otherwise set your browser to ask you each time it is about to run Java and ActiveX code. Depending on what you know about the site, you will at least have the choice to run it, or not.
Try to only visit sites that are reputable; do not run code from unknown sites.
Protect the information you're sending
When you send information across the Internet it's possible other people may be able to capture and read it, or even change it. For most communications this probably isn't an issue, but if it is, consider using encryption.
To protect yourself:
DO NOT send information that is private or sensitive (such as credit card details) to Web sites that do not use encryption between your browser and the site. One way to check for this is to see if "https" is on the address line or look for the key or padlock icon in your browser.
Check to see if your e-mail program includes an encryption feature. Alternatively, use an encryption program such as Pretty Good Privacy (PGP) to manage encryption of e-mail amongst a small group of users. Note - if you encrypt your messages, the people you send them to will also need a compatible decryption program and cryptographic keys to read the message when they receive it.
Back it up
When you use a computer, there's always a risk of losing the information on it. The most common risks are a virus, your computer's hard drive crashing, or a power failure. To reduce the impact if such an event occurs, you should make back-up copies of important data files as soon as possible after they have been created or changed.
To protect yourself:
Use accessories such as rewritable CD drives and zip disks for copies of your important files - they're easy to use and relatively cheap.
Back up daily, or at least weekly, and check that the back-up has worked properly!
Protect back-up disks from damage and unauthorised access.
Wipe all old files
Before you lend or dispose of your computer, or get it serviced, make sure there's no private information left on it.
To protect yourself:
At the very least, DELETE all the files that you don't want others to see, empty all the temporary directories, and then empty the recycling/trash bin.
OR reformat the hard disk. Note that this also removes the operating system and application software along with the data files; the software will have to be reinstalled before the system is usable again.
Unfortunately, both these methods only modify the file cataloguing system; they don't overwrite the files, so many computer buffs could still recover the information. For maximum protection, remove the hard drive or wipe it using a disk cleaning utility. The most thorough cleaning utilities are those which overwrite every location on the disk. Those which only overwrite sectors of the disk not used by files are less thorough, but should be sufficient if you delete all your private files first.
Wipe or destroy CDs or floppy disks and other information storage tools, before you dispose of them or pass them on. The "MS Format" function can be used for floppy disks (DO NOT use the Quick Format option).
Stop Viruses and Worms
A virus is a computer program that propagates itself by modifying or exploiting other programs to copy it to other files or systems. Viruses usually move from computer to computer by attaching themselves to files or to disks. The most common method of infection is through e-mail attachments or through files downloaded from the Internet, although viruses can also be transferred via floppy disk or Internet Relay Chat (IRC) communications. Many viruses delete or corrupt a selection of files, or the whole file system, on the computers they infect. Recently, there has been an increase in the number of network worms detected on the Internet. Worms are like viruses, but use network vulnerabilities rather than user actions to propagate themselves from system to system.
To protect yourself:
DO NOT open any e-mail attachments or files if you're unsure or suspicious about who sent them.
DO NOT open any e-mail attachments or files unless you know what they are, even if you know the sender. Some viruses send themselves automatically to the e-mail addresses in infected users' address books.
BE VERY CAREFUL about downloading files from the Internet. If you're unsure about the source, don't do it.
If you do not have anti-virus software, it is HIGHLY RECOMMENDED that you obtain and install some on your computer and set it to check all files as they come into your computer.
Keep the anti-virus software actively monitoring your computer at all times.
UPDATE your anti-virus software, every two weeks at a minimum, according to instructions from the vendor. It's important to do this because the vendor's master virus databases are frequently updated to include the unique "signatures" of new viruses.
Check the hard drive at least every month for viruses that were not detected by the anti-virus monitor.
Be aware of hoax viruses. They have the same nuisance effect as many of the viruses they claim to be warning about. Typically, they take the form of a warning message about a virus, telling you to alert everyone you know and citing an authoritative source as having issued the warning.
SirCam Base Viruses
The SirCam virus continues to flow into users' inboxes, disrupting normal email use and increasing the likelihood of infection. One frustrated couple in Australia reported that SirCam attachments were coming in at such a high rate they were quickly exceeding the 15Mb limit imposed by their ISP. To reduce the bandwidth consumption and keep their mailbox below capacity, the enterprising couple had resorted to logging into their account hourly via the web mail interface, deleting any SirCam emails before accessing their account through their regular mail client. (Attempts to persuade their ISP to block the sender had failed, as had attempts to email the sender).
With such widespread use of antivirus software, one has to question the ever-increasing number of infections and the associated damage costs - last year conservatively estimated at $17 billion. In most cases, it is simply a matter of speed. New threats travelling via email spread much faster than a signature update can. However quickly vendors move to make these updates available, containment is difficult. To make matters worse, not all antivirus software is created equal. While SirCam got a bit of a foothold in the hours and days before detection was made available, some antivirus products are still stymied by it, worsening the problem. McAfee VirusScan has two settings that can thwart detection of the virus - its habit of excluding the Recycle Bin from scans and the absence of the .PIF and .LNK extensions from its scan list. Thus, unless users fully understand the SirCam threat and the capabilities of their antivirus protection, even constant updating won't be enough to protect them from infection.
Fortunately, there are steps you can take to prevent SirCam, and other email-borne threats, from ever winding up in your inbox. By keeping threats out of email, signature updating becomes a much more effective strategy. The simplest, most effective method to protect against email-borne threats involves the use of filtering software. Though historically focused at the gateway level, a new product, MailDefense, provides desktop users with a means to easily remove harmful executable-type attachments and other active content from email. Highly effective against both known and unknown threats, such filtering packages alleviate the need to become an overnight security expert just to enjoy safely sending and receiving email. MailDefense quarantines executable file types, removes macros from Microsoft® Office files, and strips scripts and ActiveX controls from email messages.
You can bypass the protection offered by filtering and elect to manually configure your mail client to stop specific threats. However, the protection offered by email clients varies. For example, Eudora® and AOL® simply display a message when certain attachment types are received, still giving the user full access to the attachment. AOL provides a "Don't show this message again" option, which makes it likely to be disabled and never seen again by users. The Microsoft® Outlook and Outlook Express email clients provide message rules that can be configured to block individual viruses. However, the rules must be set up exactly right or the virus will be allowed through. Configuring message rules also requires specific knowledge of the virus's characteristics, so they are effective against known threats only.
Discovered on July 17, 2001, the SirCam worm continues to maintain a steady presence. "While some viruses cause a fright then fade away, Sircam continues to haunt users. Months after its release, it's still infecting a significant number of users," said Graham Cluley, senior technology consultant at Sophos Anti-Virus. "It's mind-boggling that people are still getting caught by Sircam. Anti-virus software protects against this worm, and simple, safe computing should negate the threat."
Sircam's infection routine can compromise confidential material on your system, and improper removal can leave the system unable to launch any .EXE (including program files). The worm carries a malicious payload (action) for the infected system which thankfully appears not to work properly. The worm intends (but does not appear) to deliver this payload on October 16th. In one out of twenty cases, Sircam deletes the contents of the local drive on which Windows is installed. In one out of fifty cases, on any day of the year, the SirCam virus creates a file named sircam.sys in the hidden \Recycled\ folder and repeatedly appends text strings to it until the hard drive is filled to capacity.
According to F-Secure, the SirCam worm spreads via email with one of the following message bodies:
'Hi! How are you?'
'I send you this file in order to have your advice' (or) 'I hope you can help me with this file that I send' (or) 'I hope you like the file that I sendo you' (or) 'This is the file with the information that you ask for'
'See you later. Thanks'
A Spanish version of the email has also been discovered with the following message bodies:
'Hola como estas ?'
'Te mando este archivo para que me des tu punto de vista' (or) 'Espero me puedas ayudar con el archivo que te mando' (or) 'Espero te guste este archivo que te mando' (or) 'Este es el archivo con la información que me pediste'
'Nos vemos pronto, gracias.'
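As an added example (not part of the article, and not any vendor's product), here is a small Python mail filter that applies the rule the article is driving at: a message whose text/plain body is exactly one of the three-line SirCam templates quoted above (English or Spanish) and which carries an executable-type attachment is quarantined, while either signal alone is merely flagged for review. The attachment-extension set and the constructed sample messages are assumptions, not data from the article.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Added example, not part of the original article. The body phrases are the ones
# quoted above from F-Secure; the worm's own typo "sendo" is kept deliberately.
OPENERS = {"hi! how are you?", "hola como estas ?"}
MIDDLES = {
    "i send you this file in order to have your advice",
    "i hope you can help me with this file that i send",
    "i hope you like the file that i sendo you",
    "this is the file with the information that you ask for",
    "te mando este archivo para que me des tu punto de vista",
    "espero me puedas ayudar con el archivo que te mando",
    "espero te guste este archivo que te mando",
    "este es el archivo con la información que me pediste",
}
CLOSERS = {"see you later. thanks", "nos vemos pronto, gracias."}
# Assumed set of executable-type extensions (the article names .EXE, .PIF and .LNK).
EXECUTABLE_EXTS = {".exe", ".com", ".pif", ".lnk", ".bat"}


def body_lines(msg):
    """Non-empty lines of the text/plain body, stripped and lower-cased."""
    part = msg.get_body(preferencelist=("plain",))
    if part is None:
        return []
    return [ln.strip().lower() for ln in part.get_content().splitlines() if ln.strip()]


def executable_attachments(msg):
    """File names of attachments whose extension is in EXECUTABLE_EXTS."""
    names = [p.get_filename() or "" for p in msg.iter_attachments()]
    return [n for n in names if PurePosixPath(n).suffix.lower() in EXECUTABLE_EXTS]


def classify(raw):
    """Classify a raw RFC 822 message: the three-line SirCam body template plus an
    executable-type attachment is quarantined; either alone is flagged for review."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    lines = body_lines(msg)
    template = (len(lines) == 3 and lines[0] in OPENERS
                and lines[1] in MIDDLES and lines[2] in CLOSERS)
    execs = executable_attachments(msg)
    verdict = "quarantine" if template and execs else "review" if template or execs else "pass"
    return {"template": template, "attachments": execs, "verdict": verdict}


def sample(body, filename):
    """Build a constructed test message with one binary attachment (not a real capture)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.invalid", "b@example.invalid", "notes"
    m.set_content(body)
    m.add_attachment(b"MZ\x90\x00", maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()
```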
The SirCam worm uses files found in the Windows My Documents folder as a disguise for its infection routine. This can lead to the compromise of confidential data, as the selected file(s) will be mass-mailed to others. When the attachment is executed, the worm displays the chosen file in an attempt to trick the user into believing it is a legitimate attachment. Behind the scenes, however, the worm is busy compiling a catalogue of that user's My Documents folder and sending itself out to even greater numbers of recipients. Because the worm uses any cached email address found on the system, MessageLabs warns that journalists and others whose email addresses are embedded in web pages may be particularly likely to receive the attachments.
SirCam also spreads via Windows network shares. F-Secure analysts have determined that it first enumerates all the network shares available to the infected computer. If there is a writeable \recycled\ folder on a share, a copy of the worm is put in the \\[share]\recycled\ folder as 'SirCam32.exe'. The \\[share]\autoexec.bat file is appended with an extra line, '@win \recycled\SirC32.exe', so the next time the infected computer is rebooted the worm will be started. The worm also copies the 'rundll32.exe' file to 'run32.exe' and then copies itself as 'rundll32.exe' to the Windows directory of the remote system.
Removing the SirCam worm
You should exercise caution if attempting manual removal of the SirCam worm. Because of the manner in which the worm registers itself on the system, any attempt to launch an .EXE file (including program files) results in a call to the worm, which in turn passes control to the .EXE file. While manual removal of the worm is possible, proper precaution is imperative. If the worm file is deleted without first making the necessary modification to the registry, .EXE files will not launch on the system, effectively rendering the system unusable.
Due to the risks of improper removal, antivirus vendor Symantec has created a free utility that makes the necessary modifications and removes any instances of the virus. It can be downloaded from:
After the file has been downloaded, locate the file FIXSIRC.COM, double-click it, and choose Start to begin the removal process.
Step-by-step removal
The following removal instructions should only be attempted by experienced users. The Symantec removal utility should be used by less experienced users and by those who want an automated, safe tool for cleaning a system of a SirCam infection.
Modify the Registry to:
Delete the key HKLM\Software\SirCam
Remove the value Driver32 from HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Reset the value in HKCR\exefile\shell\open\command to "%1" %*
Registry edits can also be done automatically using the F-Secure Registry Fix.
Modify Autoexec.bat to:
Remove the line "@win \recycled\sirc32.exe"
Rename RUN32.EXE
In the event of an infection via the network, search for the file RUN32.EXE and rename it back to RUNDLL32.EXE (both files are located in the \Windows\ directory).
Scan and delete infected files
Use an updated antivirus scanner to search for any instances of the SirCam worm and delete them from your system. If an infected file cannot be deleted (for example, if you receive a "file is in use" error), reboot into DOS mode and use a DOS-based scanner such as F-Prot to scan for and remove any instances of the worm. Alternatively, you can search manually for the following files, which are related to the SirCam worm: 'SCam32.exe', 'SirC32.exe', 'ScMx32.exe', 'Microsoft Internet Office.exe' and 'sircam.sys'. In either case, the system should be scanned thoroughly with updated antivirus software to ensure all infected files have been removed.
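The following Python triage script is an added example, not the Symantec or F-Secure tool and not code from the article. It reads constructed input (a REGEDIT4-style registry export, an autoexec.bat, and a listing of the \Windows\ folder), reports each SirCam trace named in the steps above, and states which removal step applies and in what order; the sample registry data and file paths are constructed for illustration.

```python
import re

# Added example, not the article's or any vendor's tool. Read-only: it inspects
# text you hand it and never touches the live registry or file system.
CLEAN_EXEFILE_CMD = '"%1" %*'
AUTOEXEC_LINE = r"@win \recycled\sirc32.exe"
WORM_FILES = {"scam32.exe", "sirc32.exe", "scmx32.exe",
              "microsoft internet office.exe", "sircam.sys"}
KEY_LINE = re.compile(r"\[(.+)\]")
VALUE_LINE = re.compile(r'(@|"((?:[^"\\]|\\.)*)")="((?:[^"\\]|\\.)*)"')

def parse_reg_export(text):
    """Parse a REGEDIT4-style export into {key: {name: data}}; '@' is the default
    value. Only string data is handled; the \\\\ and \\" escapes are unwrapped."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_LINE.fullmatch(line):
            current = m.group(1).lower()          # key names are case-insensitive
            keys.setdefault(current, {})
        elif current is not None and (m := VALUE_LINE.fullmatch(line)):
            name = "@" if m.group(1) == "@" else m.group(2).lower()
            keys[current][name] = m.group(3).replace('\\"', '"').replace("\\\\", "\\")
    return keys

def triage(reg_text, autoexec_text, windows_dir_files):
    """Return (indicator, removal step) pairs for every SirCam trace found."""
    reg = parse_reg_export(reg_text)
    found = []
    if r"hkey_local_machine\software\sircam" in reg:
        found.append((r"HKLM\Software\SirCam exists", "delete the key"))
    run = reg.get(r"hkey_local_machine\software\microsoft\windows\currentversion\runservices", {})
    if "driver32" in run:
        found.append((r"RunServices\Driver32 = " + run["driver32"], "remove the Driver32 value"))
    cmd = reg.get(r"hkey_classes_root\exefile\shell\open\command", {}).get("@")
    if cmd is not None and cmd != CLEAN_EXEFILE_CMD:       # .EXE launches routed via the worm
        found.append(("exefile open command = " + cmd,
                      'reset to "%1" %* before deleting any worm file'))
    if any(l.strip().lower() == AUTOEXEC_LINE for l in autoexec_text.splitlines()):
        found.append((r"autoexec.bat runs \recycled\sirc32.exe", "remove that line"))
    names = {f.lower() for f in windows_dir_files}
    if "run32.exe" in names:
        found.append(("RUN32.EXE present in \\Windows\\", "rename it back to RUNDLL32.EXE"))
    for f in sorted(names & WORM_FILES):
        found.append(("worm file present: " + f, "delete after the registry fix, then rescan"))
    return found

# Constructed sample input: the data values and file paths are illustrative only.
SAMPLE_REG = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\Software\SirCam]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Driver32"="C:\\WINDOWS\\SYSTEM\\SCam32.exe"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\recycled\\SirC32.exe \"%1\" %*"
'''
SAMPLE_AUTOEXEC = "@ECHO OFF\n@win \\recycled\\sirc32.exe\n"
SAMPLE_WINDOWS_DIR = ["run32.exe", "rundll32.exe", "notepad.exe"]
```

Calling triage(SAMPLE_REG, SAMPLE_AUTOEXEC, SAMPLE_WINDOWS_DIR) lists five traces, with the exefile command fix ordered before any file deletion, matching the warning in the removal section.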