Viruses, Worms and Spam Definitions Virus - unauthorized software, embedded in other programs and with the ability to propagate when the host program is executed Worm - unauthorized software that can exist independent of other programs and with the ability to propagate itself Spam - unwelcome , typically associated with mass mailings
Viruses, Worms and Spam Threat Level Assessment Viruses and Spam - Dangerous –Complacency –Blended attacks –Vulnerable software –Reported links to commercial spammers Spam - Nuisance –Not as bad as press reports
Viruses, Worms and Spam Recent Experiences Netsky and Beagle Welchia Hoax Viruses
Viruses, Worms and Spam Netsky and Beagle Blocked by virus scanner However: –Flooded with bounced messages –Personal responses to concerned victims Government service no longer bounces infected , just drops it
Viruses, Worms and Spam Welchia worm Over 300 computers infected within minutes Benign - no visible harm Difficult to remove –Infection often not obvious –Too many for personal attention –Exceptional removal program –Frequent re-infections
Viruses, Worms and Spam Welchia worm Embedded removal program in start-up script Used firewall and Internet traffic monitor to find infected computers Applied patches from Microsoft Took about 4 weeks to remove; still not 100% sure
Viruses, Worms and Spam Welchia worm Consequences: –Wasted time –Blocked from some web sites Corrective action –Anti-virus on all computers –Periodic scan for computers that have no anti- virus protection –New patch management initiative
Viruses, Worms and Spam Hoax Viruses Nigerian Letters Jdbgmgr.exe Almost as disruptive as real viruses
Viruses, Worms and Spam Protective Actions Contingency plan Awareness Automated virus signature update Patch management