Chey Cobb web site

 

Newsscan Computer Security Column
Stephen Cobb, CISSP and Chey Cobb, CISSP

As the Worm Turns
A paper that appeared recently in the Proceedings of the 11th USENIX Security Symposium generated some fairly shocking headlines, such as this in Network World: “Researchers predict worm that eats the Internet in 15 minutes.” The paper, and the publicity surrounding it, raise serious questions about the handling of security threats, questions to which we will return in a future column. Our topic today is more mundane, but no less important to you: the worm that can eat your computer in 15 minutes.

We refer to the notorious Klez worm (including variants such as Klez.E, Klez.H, Klez.K and so on). This worm, which distributes a virus, first appeared about a year ago, but is topical today because it is still going strong. We know because currently we both get around a dozen Klez-infected email messages per day. Of course, we have anti-virus software in place that detects and disinfects/deletes these messages. If you don’t have anti-virus software, you should. Not only will you be doing yourself a big favor, you will be helping the rest of the computing world. The fact is, until a critical mass of computer operators takes action against a worm like this, it will just run and run (or turn and turn).

We use the term “computer operator” because that is what you are. The more common term, “computer user,” implies an abdication of responsibility that, in our opinion, contributes to a wide range of computer security problems. Not least of these is the perpetuation of viruses by people who don’t scan their outgoing email to make sure they are not infected.

Just to be clear, a computer, like a car, is a powerful piece of technology and its potential for causing problems is not diminished by either its proliferation or its ease of use. People who drive cars are not called car users. The term driver is preferred for people who operate cars, implying, as it does, a level of responsibility for deployment of the technology that is greater than, say, that of a public transportation user.

What can Klez do, if you let it? For a start, it can infect, damage, or even destroy a large number of program files, from basic OS command files to critical application files such as WORD.EXE. In fact, one symptom of infection is repeated requests from an Office application for insertion of the Microsoft Office CD, due to Klez zapping one or more executable files that the application requires.

Depending on the version of Klez this infection can take days or minutes. At the same time, Klez is working on its own protection and propagation, disabling anti-virus and security software that you are running and copying itself to any network drives it can find. Klez uses its own email software to send out messages with random subject lines and file attachments, which can include doc, pdf, txt, and xls documents. That’s right, if the contents of such files are personal or confidential it is entirely possible for Klez to break a variety of privacy laws on your behalf!

To whom does Klez send these messages? People whose email addresses are in your Windows Address Book, as well as others, such as your ICQ friends. Just to make things interesting, Klez often spoofs the sender’s address, randomly picking addresses from web pages, which is why you should not assume that a Klez-infected message was sent to you by the person whose name appears as the sender.

Defending against Klez is not that hard. Here is what you need to do:

1. Make sure your anti-virus software is up-to-date (both the engine and the database) and set to scan all of your email (incoming and outgoing).

2. Make sure you have patched your email client software and your operating system with the appropriate security fixes. (You can get MS's patches at http://windowsupdate.microsoft.com)

3. Make sure you have turned off the message preview feature of your email program.

4. If you don't have an anti-virus program, you can get a very good FREE program called AVG Anti-Virus. It's available at http://www.grisoft.com

Granted, this will not stop all viruses and worms, but it will certainly stop a majority of them. The people who receive your messages will greatly appreciate the fact that you are protecting them, too.

 


©2003 Chey Cobb. All rights reserved.
chey@patriot.net
