Viruses + Social Engineering = 2003
This past year the dangerous trend of shrouding viruses in social engineering techniques resulted in a trying year for the infosec crowd. Lyne Bourque reviews some lessons to take into 2004.
2003 reached new heights in the destructiveness of viruses and it highlighted how the primary method of dealing with viruses today simply isn't working.
The CSI/FBI survey of the past year indicated that about 98% of respondents had implemented anti-virus software as a security measure. If that's the case, then why did a virus/worm like Slammer (Sapphire) have such a devastating effect and bring the Internet to a near halt? And how do we still end up with propagated e-mails every day?
Well, in Slammer's case, the propagation method caused the problem, which leads one to think that the firewall setup is the issue. Allowing for certain ports to be open and available to the Internet invites trouble. And it's not just to protect from Internet attacks but also to stem the flow of "malicious" or unwanted traffic from the Intranet to the Internet. Administrators cannot solely rely on anti-virus software to solve their security and virus problems.
While this may seem like a harsh reality, it nonetheless needs to be advocated more often. Users are often unaware of the dangers present at the many places they visit online, and admins are often too overworked to check every site users visit. A stricter Internet access policy is the way to go.
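To make the firewall point above concrete, here is an added example (not part of the original article): a first-match rule evaluator that checks whether a ruleset lets Slammer-style traffic through in either direction. The rule format, both rulesets and the probe list are constructed assumptions; UDP 1434 is the SQL Server Resolution Service port that Slammer spread over.

```python
"""Added example: audit constructed firewall rulesets in both directions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    direction: str   # "in" (Internet -> intranet) or "out" (intranet -> Internet)
    proto: str       # "tcp", "udp" or "any"
    ports: range     # destination ports the rule covers


def verdict(rules, default, direction, proto, port):
    """Return the action of the first matching rule, else the default policy."""
    for r in rules:
        if r.direction == direction and r.proto in (proto, "any") and port in r.ports:
            return r.action
    return default


def exposed(rules, default, probes):
    """List the (direction, proto, port) probes that the ruleset lets through."""
    return [p for p in probes if verdict(rules, default, *p) == "allow"]


ALL_PORTS = range(0, 65536)
# Probes: Slammer's port inbound and outbound, plus ordinary outbound HTTPS.
PROBES = [("in", "udp", 1434), ("out", "udp", 1434), ("out", "tcp", 443)]

# Constructed weak ruleset: some inbound filtering, outbound left wide open.
WEAK = [
    Rule("allow", "in", "tcp", range(80, 81)),
    Rule("allow", "in", "udp", range(1024, 65536)),  # broad high-port allowance
    Rule("allow", "out", "any", ALL_PORTS),
]
# Constructed hardened ruleset: default deny both ways, explicit allows only.
HARDENED = [
    Rule("allow", "in", "tcp", range(80, 81)),
    Rule("allow", "out", "tcp", range(443, 444)),
    Rule("allow", "out", "udp", range(53, 54)),
]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, exposed(rules, "deny", PROBES))
```

With the weak ruleset an infected internal host can still reach UDP 1434 on the Internet even if the inbound rule is later tightened, which is the outbound half of the problem the article describes.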
Besides Slammer, 2003 saw a bevy of other viruses, probably the best bumper crop — so to speak — since the days of "I love you". Bugbear, Blaster, Sobig and Swen made headlines. In fact, they introduced a bold new twist: spoof the source address to mimic that of a legitimate e-mail.
It's surprising that no one thought of this before. Even more surprising is that users truly believed that Microsoft and others would demonstrate such diligence and take it upon themselves to e-mail users with "fixes" to their computer problems. Not surprisingly, these viruses made the rounds (and still do today). And yet, we see that 98% of companies have installed anti-virus software.