Home

Security Issues Detail

 ITU              Security Issues
 

What is a virus?

A virus is a piece of programming code that is designed to infect a computer, and in most cases, will spread to other computers. Some harm data on your computer. Other viruses use your computer to harm others, and some just cause general annoyance. Viruses can be transmitted via attachments in email, file downloads, local area networks, or other forms of computer media.

 

What are the most common types of viruses?

The most common viruses do one of two things. One type, such as the Klez virus, infects common email programs, and emails copies of itself to everybody in the address book, or any email addresses that it finds in the inbox or sent items. Another common virus type infects the operating system, and broadcasts information to various sites all over the Internet. Viruses like this can significantly slow down local networks, individual connections, or even large ISP systems.

 

What is virus protection, and where can I get it?

Virus protection is software that will eliminate a virus (or malicious program) from your computer, and protect you from further infection. Anti-virus software must be updated frequently, or it won’t protect against newer viruses. Many company offer commercial and free virus protection software. Please refer to some of the following sites for more information:

 

What is spam?

Spam is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it. Most spam is commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services. Spam costs the sender very little to send -- most of the costs are paid for by the recipient or the carriers rather than by the sender.

There are two main types of spam, and they have different effects on Internet users. Cancelable Usenet spam is a single message sent to 20 or more Usenet newsgroups. (Through long experience, Usenet users have found that any message posted to so many newsgroups is often not relevant to most or all of them.) Usenet spam is aimed at "lurkers", people who read newsgroups but rarely or never post and give their address away. Usenet spam robs users of the utility of the newsgroups by overwhelming them with a barrage of advertising or other irrelevant posts. Furthermore, Usenet spam subverts the ability of system administrators and owners to manage the topics they accept on their systems.

Email spam targets individual users with direct mail messages. Email spam lists are often created by scanning Usenet postings, stealing Internet mailing lists, or searching the Web for addresses. Email spams typically cost users money out-of-pocket to receive. Many people - anyone with measured phone service - read or receive their mail while the meter is running, so to speak. Spam costs them additional money. On top of that, it costs money for ISPs and online services to transmit spam, and these costs are transmitted directly to subscribers.

One particularly nasty variant of email spam is sending spam to mailing lists (public or private email discussion forums.) Because many mailing lists limit activity to their subscribers, spammers will use automated tools to subscribe to as many mailing lists as possible, so that they can grab the lists of addresses, or use the mailing list as a direct target for their attacks.

Top

Why is spam bad?

Why do we get so upset when we receive E-mail which was not requested?

There are several reasons:

  1. The free ride. E-mail spam is unique in that the receiver pays so much more for it than the sender does. For example, AOL has said that they were receiving 1.8 million spams from Cyber Promotions per day until they got a court injunction to stop it. Assuming that it takes the typical AOL user only 10 seconds to identify and discard a message, that's still 5,000 hours per day of connect time per day spent discarding their spam, just on AOL. By contrast, the spammer probably has a T1 line that costs him about $100/day. No other kind of advertising costs the advertiser so little, and the recipient so much. The closest analogy I can think of would be auto-dialing junk phone calls to cellular users (in the US, cell phone users pay to receive as well as originate calls); you can imagine how favorably that might be received.

  2. The ``oceans of spam'' problem. Many spam messages say ``please send a REMOVE message to get off our list.'' Even disregarding the question of why you should have to do anything to get off a list you never asked to join, this becomes completely impossible if the volume grows. At the moment, most of us only get a few spams per day. But imagine if only 1/10 of 1 % of the users on the Internet decided to send out spam at a moderate rate of 100,000 per day, a rate easily achievable with a dial-up account and a PC. Then everyone would be receiving 100 spams every day. If 1% of users were spamming at that rate, we'd all be getting 1,000 spams per day. Is it reasonable to ask people to send out 100 ``remove'' messages per day? Hardly. If spam grows, it will crowd our mailboxes to the point that they're not useful for real mail. Users on AOL, which has a lot of trouble with internal spammers, report that they're already nearing this point.

  3. The theft of resources. An increasing number of spammers, such as Quantum Communications, send most or all of their mail via innocent intermediate systems, to avoid blocks that many systems have placed against mail coming directly from the spammers' systems. (Due to a historical quirk, most mail systems on the Internet will deliver mail to anyone, not just their own users.) This fills the intermediate systems' networks and disks with unwanted spam messages, takes up their managers' time dealing with all the undeliverable spam messages, and subjects them to complaints from recipients who conclude that since the intermediate system delivered the mail, they must be in league with the spammers.

Many other spammers use ``hit and run'' spamming in which they get a trial dial-up account at an Internet provider for a few days, send tens of thousands of messages, then abandon the account (unless the provider notices what they're doing and cancels it first), leaving the unsuspecting provider to clean up the mess. Many spammers have done this tens or dozens of times, forcing the providers to waste staff time both on the cleanup and on monitoring their trial accounts for abuse.

  1. It's all garbage. The spam messages I've seen have almost without exception advertised stuff that's worthless, deceptive, and partly or entirely fraudulent. (I include the many MLMs in here, even though the MLM-ers rarely understand why there's no such thing as a good MLM.) It's spam software, funky miracle cures, off-brand computer parts, vaguely described get rich quick schemes, dial-a-porn, and so on downhill from there. It's all stuff that's too cruddy to be worth advertising in any medium where they'd actually have to pay the cost of the ads. Also, since the cost of spamming is so low, there's no point in targeting your ads, when for the same low price you can send the ads to everyone, increasing the noise level the rest of us have to deal with.

  2. They're crooks. Spam software invariably comes with a list of names falsely claimed to be of people who've said they want to receive ads, but actually consisting of unwilling victims culled at random from usenet or mailing lists. Spam software often promises to run on a provider's system in a way designed to be hard for the provider to detect so they can't tell what the spammer is doing. Spams invariably say they'll remove names on request, but they almost never do. Indeed, people report that when they send a test ``remove'' request from a newly created account, they usually start to receive spam at that address.

Spammers know that people don't want to hear from them, and generally put fake return addresses on their messages so that they don't have to bear the cost of receiving responses from people to whom they've send messages. Whenever possible, they use the ``disposable'' trial ISP accounts mentioned above so the ISP bears the cost of cleaning up after them. I could go on, but you get the idea. It's hard to think of another line of business where the general ethical level is so low.

  1. It might be illegal. Some kinds of spam are illegal in some countries on the Internet. Especially with pornography, mere possession of such material can be enough to put the recipient in jail. In the United States, child pornography is highly illegal and we've already seen spammed child porn offers.

Any one of these six would be enough to make me pretty unhappy about getting junk e-mail. Put them together and it's intolerable.

 

Top

Windows XP Users: Infected by Sasser virus?

If you are using Microsoft® Windows® XP or Windows XP Service Pack 1 (SP1) and your computer has been infected by the Sasser worm, you can take these steps to update your software, remove the worm, and help protect against future infections.

Step 1: Disconnect from the Internet

To avoid further problems, disconnect from the Internet:

  • Broadband connection users: Locate the cable that runs from your external DSL or cable modem and unplug that cable either from the modem or from the telephone jack.
  • Dial-up connection users: Locate the cable that runs from the modem inside your computer to your telephone jack and unplug that cable either from the telephone jack or from your computer.

Step 2: Stop the Shutdown Cycle

This worm may cause LSASS.EXE to stop responding, which forces the operating system to shut down after 60 seconds. If your computer starts to shut down, follow these steps to abort any system shutdown that may be in progress.

  1. On the taskbar at the bottom of your screen, click Start, and then click Run.
  2. Type: cmd and then click OK.
  3. At the command prompt, type: shutdown.exe -a and then press ENTER.

Step 3: Mitigate the Vulnerability

You can temporarily remove the vulnerability that allows the worm to infect your computer by creating a log file.

Create the log file

  1. On the taskbar at the bottom of your screen, click Start, and then click Run.
  2. Type: cmd and then click OK.
  3. At the command prompt, type: echo dcpromo >%systemroot%\debug\dcpromo.log and then press ENTER.

Make the log file read-only

4.    At the command prompt, type: attrib +R %systemroot%\debug\dcpromo.log and then press ENTER.

Step 4: Improve System Performance

If your computer is acting sluggish or if the Internet connection is slow, the worm may be flooding your local network connection. This may make it impossible for you to download and install the required software update. To improve system performance:

  1. Press CTRL+ALT+DELETE, and then click Task Manager.
  2. For each of the following tasks that may be listed, click the task to select it, and then click the End Task button to end it.
    • Any task ending with _up.exe (for example, 12345_up.exe).
    • Any task starting with avserve (for example, avserve.exe).
    • Any task starting with avserve2 (for example, avserve2.exe).
    • Any task starting with skynetave (for example, skynetave.exe).
    • hkey.exe
    • msiwin84.exe
    • wmiprvsw.exe

Note  Do not end the wmiprvse.exe task; it is a legitimate system task.

Step 5: Enable a Firewall

A firewall is a piece of software or hardware that creates a protective barrier between your computer and the Internet. If your computer has been infected, a firewall will help limit the effects of the worm. Windows XP includes the Internet Connection Firewall (ICF). To turn on ICF:

  1. On the taskbar at the bottom of your screen, click Start, and then click Control Panel.
  2. Click the Network and Internet Connections category.
    (If the Network and Internet Connections is not visible, click Switch to Category View under Control Panel on the left side of the Control Panel window.)
  3. Click Network Connections.
  4. Right-click the Dial-up, LAN, or High-Speed Internet connection that you use to connect to the Internet, and then click Properties from the shortcut menu.
  5. On the Advanced tab, under Internet Connection Firewall, select Protect my computer and network, and then click OK. The Windows XP firewall is now enabled.

Step 6: Reconnect to the Internet

Plug the cable (referred to in Step 1) back into your computer, telephone jack, or modem.

Step 7: Install the Required Update

To help protect your computer against this worm in the future, you must download and install security update 835732, which was released with Microsoft Security Bulletin MS04-011. To download security update 835732, go to http://go.microsoft.com/?LinkID=526067

Step 8: Check For and Remove Sasser

After you have installed the update and restarted your computer, go to the Web page "What You Should Know About the Sasser Worm and Its Variants" at http://www.microsoft.com/security/incident/sasser.asp. Use the Sasser Worm Removal Tool to search your hard disk for and remove Sasser.A, Sasser.B, Sasser.C, and Sasser.D.

About Internet Connection Firewall

The Windows XP Internet Connection Firewall can block useful tasks such as sharing files or printers through a network, transferring files in applications, or hosting multiplayer games. Nonetheless, Microsoft recommends that you use a firewall to help protect your computer.

If you turn on the Internet Connection Firewall and find that you can't perform some tasks you want to, read "How to Open Ports in the Windows XP Internet Connection Firewall" at http://www.microsoft.com/security/protect/ports.asp.

If you have more than one computer, want more technical information, or want to learn more about firewalls, read "Frequently Asked Questions About Firewalls" at http://www.microsoft.com/security/protect/firewall.asp.

 

Top

General Password Tips

  • Did you know your password is case sensitive? Make sure your Caps Lock button is OFF!

  • Log in problems are frequently typos - type slowly!

  • If you're using the keys on the right side of your keyboard,
    make sure the Number Lock button is ON!

  • If you recently changed your password, it can take up to 20 minutes for it to reset in our system.

 

Password Security Tips


Using an insecure password can result in your account being compromised. Follow these guidelines to select and maintain a secure password:

  • Don't use passwords that consist of easily accessible personal information, such as address, phone number, or date of birth.

  • Make your passwords at least six characters and a combination of numbers and letters. They should also include both capital and lowercase letters.

  • Avoid using words that can be found in a dictionary.

  • Don't use the same passwords for multiple sites. Reusing passwords, although, tempting, is a security risk. We have found that when a hacker gets a hold of a password, they will try to use it on hundreds of other sites to try to access your personal information.

  • Don't give your password out to anyone.

  • Change your passwords frequently

Top