- The Washington Times - Wednesday, August 1, 2001

Cyber-attacks, like the Code Red worm expected to attack last night, take virtually no expertise to send.

With thousands of codes able to be easily downloaded off the Internet, more viruses are being sent out now than ever before, computer-security officials say.

There are 200 to 300 actively spreading viruses, said Robert A. Clyde, chief technology officer at Symantec Corp., maker of the popular Norton Anti-Virus software.

"We are getting to the point where you've got sophisticated tools and unsophisticated users able to take advantage of those tools," said George Kurtz, chief executive of Foundstone Inc.

"More people are also getting online," he added. "When you are online 24-seven, the potential for attack increases."

About 30,000 known Web sites give password-cracking instructions and supply hacking tools, Mr. Clyde said.

Computer users also can download viruses from some of these Web sites, he said. Hackers look down on this practice, but people do it anyway.

Officials from the security industry tried again yesterday to persuade computer users to inoculate their computers against the predicted return of the Code Red worm.

The worm can be stopped only if enough Web-site administrators install Microsoft's software patch, which plugs the hole the worm uses to attack. The worm attacks computer file servers running Microsoft Windows NT and 2000 operating systems, with the Internet Information Services software.

Several hundred thousand copies of the patch had been downloaded as of yesterday, Microsoft officials said.

A few infected computers with incorrectly set dates had started trying to spread the worm early yesterday, but had no noticeable effect on the Internet's health.

Officials warned that it could be a day or two before the worm's effects are noticed, as the worm or a more dangerous variant yet to be seen takes hold.

Home users running Windows 95, 98 or Me are not vulnerable.

Code Red infected 250,000 computers during its first outbreak July 19. Russ Cooper, surgeon general for TruSecure Corp., said the new spread could reach half a million to a million computers within three days.

Each day, Norton Anti-Virus' Live Update which boasts 1.7 million users identifies 10 to 15 new viruses out of its 50,000 daily virus submissions, Mr. Clyde said.

Viruses can be spread via e-mail "spoofing," which is when a hacker designs an e-mail to look as if it came from a friend, Mr. Kurtz said.

For example, one dangerous worm attacking currently is called "Sircam."

It is a worm that enters computers through e-mail attachments that recipients open, said Ben Venzke, CEO of Alexandria's IntelCenter. The worm was discovered July 17.

Sircam steals documents and passes them on to all of the people listed in recipients' address books, Mr. Venzke said. E-mail with infected attachments are often disguised with messages asking for advice.

The worm may be able to eventually eliminate all files on hard drives, Mr. Clyde said, but for now Sircam is just taking files and spreading itself through networks.

On a scale of one to five, Symantec rates the Sircam worm as a four, with five being the worst.

"If it wasn't for Code Red going around, we'd all be talking about Sircam," Mr. Venzke said.

Just going by the increase in the number of computers being used, the threat of cyber-attacks is growing, Mr. Venzke said.

Consumers need to keep copies of the information they have stored on their computers, which may range from accounting data to personal diaries, in case files are destroyed, Mr. Clyde said.

People should buy appropriate virus-protection software and personal fire walls, he said.

Updating protective software after buying it is critical to keeping data secure, he said.

Symantec runs a free security check Web site at www.symantec.com/securitycheck/ that has been used by more than 4 million people, the company said. The site tests computers for their susceptibility to security and virus threats.

An alarming 43 percent of the machines that checked on the Symantec's site were not up to date, and 29 percent of them actually had viruses, the company said.

"A fair number of people are infected and don't even know they are infected," Mr. Clyde said.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide