

Networks especially vulnerable to new breed of sophisticated computer bugs

posted on July 16, 2001
by hitbsecnews

It's ironic. Even as hackers and crackers from around the world were converging Friday in Las Vegas for the annual DefCon conference, two viruses written by some of the programming underworld's best are spreading like wildfire in the cities they're leaving behind. Unlike most viruses, these two don't require you to receive an e-mail, double-click on a file attachment or even open an e-mail program in order to become infected.

Instead, they travel using a combination of e-mail and corporate and home networks, infecting computer after computer without the owners even knowing they've been hit. Trend Micro, maker of PC-cillin antivirus software, says that at least 90,000 computers have been infected by some variant of the Magistr.A or Funlove.4099 viruses in the last 30 days...

Copyright 2001 Knight Ridder/Tribune News Service

Detroit Free Press

SECTION: BUSINESS AND FINANCIAL NEWS

LENGTH: 733 words

HEADLINE: Networks especially vulnerable to new breed of sophisticated computer bugs

BYLINE: By Heather Newman

BODY:

Magistr.A is particularly nasty: It can erase your hard drive and overwrite the BIOS memory that stores crucial information your computer uses to boot up when you turn it on.

Funlove.4099 adds itself to program files on your hard drive and can cause them to stop working. If you're in an office where access to some files is limited by password protection, it can also make those files open to anyone who wants to look at them.

What's important about these two viruses is that they're network-aware, so they can spread faster than by just using e-mail. Here's how they work:

Someone receives an e-mail with a file attachment. Both viruses generate random subject lines and e-mail messages, so there is no pattern as to what the e-mail looks like. When the person double-clicks on the attachment, the virus begins to run.

It records itself on the hard drive and proceeds with the usual shenanigans: infecting files and sending itself to everyone in the person's e-mail address books and Sent Mail files (typically only if the person uses Outlook, Outlook Express or Netscape Communicator).

But here's where it gets hairy: Both viruses also know to look on your computer to see whether the person has access to a network, either at home or at work. If so, the viruses search to find other computers that the person has access to, and infect ALL those computers, whether those other people are logged on to their machines or not.

The viruses run on those machines the next time they boot up, and the process begins again.

In a company with hundreds of computers, people can infect and reinfect each other dozens of times a second without anyone knowing what's happening.

"Someone sitting on the other side of the building can be infected because I clicked on a virus," said Joe Hartmann, director of North American antivirus research for Trend Micro.

Trend Micro lists them as the top two viruses found "in the wild" in the last 30 days. Symantec's Anti-Virus Research Center lists a Magistr.A variant as one of its top threats.

Hartmann said Friday that polymorphic viruses like Magistr.A, which change themselves each time they infect a new computer, were the top security threat under discussion during the opening day of the DefCon convention.

Here's how to protect yourself:

Keep your antivirus program running at all times and set to scan every program file that's written onto your hard drive.

Make sure its virus definition files, which tell it what to look for, have been updated in the last month. Those definition files are typically available for free on the antivirus program maker's Web site.

If you don't have an antivirus program, visit a Web-based scanning site like Trend Micro's HouseCall (http://housecall.trendmicro.com) or Symantec's free online virus check (www.symantec.com/avcenter; scroll down to "Free online virus check").

Check to see whether any of your drives are easily visible on a network by double-clicking on My Computer, then looking carefully at the hard drives and folders you find there to see whether any have a blue hand under them.

If they do and you're on a network at your company, ask the tech support folks there to help you make them password-protected. If you shared the drives so you could see them on your own network, right-click on them and choose "Sharing" from the menu that pops up to see what the password settings are.

Finally, don't double-click on a file you get via e-mail from someone you don't know.

(c) 2001, Detroit Free Press.

Visit the Freep, the World Wide Web site of the Detroit Free Press, at http://www.freep.com.
