Dreaded worms and viruses
How do we deal with them? As simple as closing off their access
to your computer, right?
Not at all. Here are some of the ways a virus or worm can enter
your computer.
1) You are sent a malicious attachment (You don't even have
to open up attachments anymore).
2) You left some Internet services "active".
3) You have a mis-configured firewall.
4) You visited a malicious web site.
Here is a rundown on the most recent worms, how they work, and
our solution.
MSBlaster worm - Affects Microsoft Windows users. This worm enters
through port 135, a common "service" available to Windows
users allowing them to exchange files on the Internet. This
port is always active if your computer is connected to the Internet.
Most people are unaware of this service, but the boys in Redmond,
Washington seem to think everyone wants this feature. Unfortunately,
hackers also want it, so they can access your PC and install
additional ways to "own" your PC.
How do you stop this? Firstly, always make sure your system
is upgraded. Unfortunately, this can be a daunting task. Almost
every time you boot up, you'll probably get reminders to patch
your system. This can be extremely annoying, and most people
ignore them.
Solution - The CrunchBox not only monitors the usage
of important ports, but it can also be set up to block any
attempt to access port 135. It can also block port 135 completely,
if your security policy permits it.
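What monitoring port 135 at a gateway can look like, as an added example that is not CrunchBox code: it scans firewall log lines for inbound TCP attempts on port 135 and flags any source that tried several internal hosts. The log lines are constructed, in a simplified Linux netfilter LOG style, and the interface name `eth0` and the threshold of three hosts are assumptions.

```python
import re

# Constructed sample lines (simplified netfilter LOG style, documentation
# address ranges). Nothing here is real traffic or CrunchBox output.
SAMPLE_LOG = """\
Aug 12 09:14:01 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=4021 DPT=135 SYN
Aug 12 09:14:02 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.11 PROTO=TCP SPT=4022 DPT=135 SYN
Aug 12 09:14:03 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.12 PROTO=TCP SPT=4023 DPT=135 SYN
Aug 12 09:15:10 gw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51515 DPT=80 SYN
Aug 12 09:16:44 gw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=1199 DPT=135 SYN
Aug 12 09:17:00 gw kernel: IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.23 PROTO=TCP SPT=1040 DPT=135 SYN
Aug 12 09:17:05 gw kernel: truncated line with no fields
"""

FIELD = re.compile(r"(\w+)=(\S*)")
EXTERNAL_IF = "eth0"  # assumption: the interface facing the Internet

def parse_line(line):
    """Return the KEY=value fields of one log line as a dict (empty if none)."""
    return dict(FIELD.findall(line))

def inbound_probes(log_text, port=135, iface=EXTERNAL_IF):
    """Map each outside source address to the set of hosts it tried on `port`."""
    probes = {}
    for line in log_text.splitlines():
        f = parse_line(line)
        # Only TCP packets arriving on the external interface for the watched port.
        if f.get("IN") != iface or f.get("PROTO") != "TCP":
            continue
        if f.get("DPT") != str(port) or "SRC" not in f or "DST" not in f:
            continue
        probes.setdefault(f["SRC"], set()).add(f["DST"])
    return probes

def sweepers(probes, min_hosts=3):
    """Sources that tried the port on at least `min_hosts` distinct hosts."""
    return sorted(src for src, dsts in probes.items() if len(dsts) >= min_hosts)

if __name__ == "__main__":
    found = inbound_probes(SAMPLE_LOG)
    for src, dsts in sorted(found.items()):
        print(f"{src} tried port 135 on {len(dsts)} host(s)")
    print("candidates to block:", sweepers(found))
```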
SoBig virus - This dreadful virus gets access to your computer
because you either opened up the wrong mail attachment, or possibly
just opened the mail. Once this is done, the virus sits dormant
in your computer until the next time you turn it on. At some
pre-determined time, your PC tries to connect to a secret host
(details of which are embedded into the virus code). It then
can download anything the attacker wants to install in your
machine, allowing them to "own" it. Once they control
your computer, hackers could then install a "Spam Trojan".
This nasty code installs a special version of "WinGate"
on your machine. Now the spammers can send lots of spam from
your computer, digging out all your friends' email addresses
and sending spam to them as well as a copy of the virus you
got and accidentally opened. If you visit IRC (Internet Relay
Chat), there is often hostile code there that can give the
virus a way into your computer.
What can you do? You could remove all mail attachments you get.
Pretty extreme, since you would also lose the ones you want
to see. Although there are better and more secure ways to transfer
files, sending attached files by email is more convenient.
Solution - If you're protected by the CrunchBox, you
never have to worry about the attachment coming near your computer.
If a malicious attachment attempts to enter your network, it
is blocked because the CrunchBox keeps detailed logs, and can
easily identify malicious code.