SecurityOrb

Viruses, Trojans and Bots, Oh My
 

Ron McCellan, CISSP, NSA-IAM

Did the 15-year-old Richard Skrenta know what he was starting over 25 years ago when he wrote “Elk Cloner” [1]? Probably not; he was just a kid with a good sense of humor who wanted to play a joke on his friends. While the Mac community has long touted that it is more secure than the PC market, Elk Cloner was written on and for the Apple II operating system. Who would have thought that, past the silver anniversary of the first virus, we would be dealing with multiple new viruses appearing almost daily? What started as a mere annoyance to his friends has evolved into a major security risk that we have to deal with each and every day.

 

With over 10,000 viruses known to exist, that averages out to over 33 new viruses or variants per month for the past 25 years, and it is now reported that over 200 a month are being produced (International Computer Security Association).

 

As the virus has evolved greatly over the years, so has the delivery method, one of the latest being IFrame viruses, which are delivered through compromised web servers: not defaced, just compromised. There is a major difference here. Defacements are aimed at changing the visible content of the site, while a compromised box can look exactly the same, except that some of the links are changed to redirect unsuspecting users to other malicious websites hosting drive-by exploits. In some cases, what appears to the user as just a simple pause while waiting on the page to refresh is actually the window of time in which a JavaScript is loaded in the background. Then, while you continue to surf the Internet, that background JavaScript downloads and installs a Trojan or rootkit (MPack, etc.), and you could become an unwilling accessory to a Denial of Service attack or worse. Trend Micro reported that in one attack of this type, as many as 10,000 websites fell victim and were redirecting users.

 

While anti-virus programs are great at stopping and in most cases preventing infections, they are not always 100% dependable. In some cases, the virus was so sophisticated that it intercepted the anti-virus software's alert to the OS that there was an infection and stopped you from being alerted. So there are several signs that users should watch for to see if they are infected, such as:

  • General slowness or lagging of your computer or programs
  • Hard drives are being accessed excessively for small tasks
  • Unknown programs running on your system in the Task Manager (Windows)
  • System resources, memory or disk space use increases for no reason
  • Unexplained programs, files or executables, especially in the Windows Start-Up folder

If any of these events occur, you should run a standalone version of your anti-virus if the vendor provides one. Most professional anti-virus packages come with a bootable version of their software that will scan before any malicious software is allowed to run. If you are using a free version or don’t have access to the disk, there are bootable forensic CD images available that let you boot to a Linux kernel and use programs such as Clam AV to check for issues (this is not recommended for the casual Windows user). If this doesn’t work or you don’t feel comfortable with the freeware tools, it’s time to call that Geek buddy that everyone has. If all else fails, see rule #8 below and replace the word “backup” with “restore”. Sometimes it’s easier to save your critical files and re-install than to spend countless hours trying to recover from a bad virus.

 

In summary, it is best to do all you can to prevent viruses before they happen, because it is really a race between the virus creators and the anti-virus companies to prevent massive outbreaks. As I have always heard, “Plan for the Worst, expect the Best,” because it’s hard to tell what form the simple computer virus will take by its Golden Anniversary.

 

Top Ten Ways “Not” to get a Virus, Computer Virus that is:

10. Avoid e-mails from strangers (especially ones with attachments, even if it’s photos of Anna Kournikova)

9. Don’t insert any strange disks (CD, DVD, floppies, flash drives, etc.)

8. Backup, Backup, Backup

7. Disable macros in Word, Excel and PowerPoint

6. Be careful while surfing; with over 10,000 sites seen recently with malicious IFrames, you just never know what you might find when looking for pretty “scenery” pictures.

5. Instant Messaging, MySpace, and other Social engineering sites are a dangerous playground, so remember that when you are chatting with friends, you are also chatting with everyone they have ever chatted with: the Good, the Bad and the Ugly.

4. Install anti-virus software (AVG has a free personal version at http://free.grisoft.com/)

3. Scan all of your drives often

2. When in doubt, delete first, ask questions later

1. Update your AV daily

[1] http://searchsecurity.techtarget.com

 

About the Author

 

Ron McCellan is a United States Army veteran who has served in military and contract support roles for the National Security Agency, Defense Information Systems Agency, INSCOM and NASA, supporting worldwide security efforts. He has an A.S. in Computer Programming from Hawaii Pacific University and B.S. degrees in Computer Science and Information Systems from University of Maryland, University College. He was an INFOSEC adjunct faculty member at the National Cryptologic School for NSA. He has over 20 years of experience in Information Security, Vulnerability Assessments, Risk Management and Penetration Testing. He is currently working for the US Courts system, monitoring and maintaining the WAN security for over 100 sites worldwide, including IDS/IPS, firewalls and web application security.

©2008 SecurityOrb, Information Security Knowledge-Based Website...