Viruses + Social Engineering = 2003

This past year the dangerous trend of shrouding viruses in social engineering techniques resulted in a trying year for network administrators. However, there are lessons to be learned from 2003 that you can take into 2004.

By Lyne Bourque

When I look back at the past 12 months, it occurs to me that some common themes keep appearing. I begin to wonder what the CSI/FBI survey for 2004 will look like when it's released next spring. Certainly many flaws and holes have been discovered in various applications, but overall two things stood out: viruses continued to breed and social engineering reached new, unprepared audiences.

2003 reached new heights in the destructiveness of viruses and it highlighted how the primary method of dealing with viruses today simply isn't working.

The CSI/FBI survey of the past year indicated that about 98% of respondents had implemented anti-virus software as a security measure. If that's the case, then why did a virus/worm like Slammer (Sapphire) have such a devastating effect and bring the Internet to a near halt? And how do we still end up with propagated emails every day?

Well, in Slammer's case, the propagation method caused the problem, which leads one to think that the firewall setup is the issue. Allowing for certain ports to be open and available to the Internet invites trouble. And it's not just to protect from Internet attacks but also to stem the flow of "malicious" or unwanted traffic from the Intranet to the Internet. Administrators cannot solely rely on anti-virus software to solve their security and virus problems.

Administrators need to limit where and how often users go out to the Internet. In many work settings, there is rarely a need to instant message, send or receive personal email, surf the Web, etc. In fact, few employees truly need access to the Internet, beyond work email.

While this may seem like a harsh reality, it nonetheless needs to be advocated more often. Users are often unaware of the dangers present at the many places they visit online, and admins are often too overworked to check every site users visit. A stricter Internet access policy is the way to go.

Besides Slammer, 2003 saw a bevy of other viruses, probably the best bumper crop — so to speak — since the days of "I love you." Bugbear, Blaster, Sobig and Swen made headlines. In fact, they introduced a bold new twist: spoof the source address to mimic that of a legitimate e-mail.

It's surprising that no one thought of this before. Even more surprising is that users truly believed that Microsoft and others would demonstrate such diligence and take it upon themselves to e-mail users with "fixes" to their computer problems. Not surprisingly, these viruses made the rounds (and still do today). And yet, we see that 98% of companies have installed anti-virus software.

This article was originally published on Dec 29, 2003