It can happen to anyone. You just never thought it would happen to you. All it took was barely a moment without the right protection, and now it’s too late. You’re in trouble. It didn’t have to happen. You should have taken precautions. You should have practiced safe computing.
According to computing security expert Bill Brown, about 30 or 40 machines connected to Dartmouth’s network are infected on any given day. “That’s fewer than in the past, but more than we’d like to see,” he says. “We’d prefer not to have anybody compromised.”
Brown says software programs with malicious intentions, known as malware, are passed on in various ways: through e-mail attachments, Web site links, peer-to-peer sharing sites, even automatic downloads from Web sites a user visits. Malware can perform many different tasks after first installing itself on a computer. It has the potential to infect many more people, perhaps setting itself up to distribute pornography or share illegal video and/or music files. It might steal valuable information, such as social security numbers or credit card numbers, and even e-mail addresses have some value in this new world.
Infected machines are frequently combined with others to form what is called a “bot” network of zombies that report to a master operator. Brown notes that some masters command extremely large networks of 80,000 computers, and those computers are always checking for instructions from their master. And although some people may notice their computers are responding more slowly than normal, few will detect the real threat.
“Those bot networks are actually worth money,” says Brown. “If I control a bot network, I can market that on the Internet. There are people who will pay you money to rent your zombies. They might say, ‘Hey, I’d like to rent 5,000 zombies for six hours on next Saturday.’ You arrange a financial transaction that’s worth so much money, about $200 per hour, and then that person will take those zombies and launch an attack on somebody. He might do a denial of service on somebody. He might go to a small company and say, ‘I’m going to shut you down because I’m going to hit you with all these people — say, 5,000 guys — unless you pay me $10,000. Wire the money to my secret bank account and we won’t do it.’ This is organized crime. This is not kids playing pranks.” For more information, see the SANS Institute Advisor online magazine or the recently released McAfee “Virtual Criminology Report.” (Note: This is a PDF document.)
Although Dartmouth’s Network Services can detect unusual computer behavior on the College’s network, curing infected machines requires shutting them down, perhaps for days, to clean them up. The best course of action is to avoid the infection altogether by practicing safe computing, and Brown has some advice on how to do that.
There are three things you can do right away: run a firewall, apply the security updates, and run antivirus software. “The College provides many of those tools for users on the network,” he says. “There are specific tools we’d like people to use. For the Windows users, we provide a very advanced firewall and intrusion prevention system called Sygate. We have another tool called LDSS, which is a security suite that will make sure your Windows computer gets the required software patches. Finally, we have a viral-fighting tool called Norton AntiVirus. And we’re also encouraging people to use an anti-spyware tool, probably a Microsoft product that we like a lot called the Microsoft AntiSpyware. However, you are not limited to these software tools, and even if you do not have a Windows computer, we can help you install the major tools appropriate to your setup on a Macintosh or Linux computer.”
Brown estimates downloading and installing the tools should take well under an hour for users with a good broadband connection.
In addition, beginning this fall, Dartmouth network users will become part of a campus security system as eTokens are phased in; they hold an electronic version of each person’s identity, just like a College ID card. When fully implemented, these eTokens will provide access to safe, encrypted passage for both wired and wireless transmissions, as well as helping automate the sign-on process. The eTokens will not be required everywhere, but will be used primarily on personal computers.
Brown also recommends users employ some common-sense precautions. For example, don’t click on an e-mail attachment unless you know the person who sent it to you and it’s something you would expect that individual to send. “Someone who breaks into your computer can spoof your return address and harvest your list of friends, so just because you recognize the person who sent the message does not mean you should click on an attachment,” he says. “But if you read it and it seems within the context of normal conversations that you have with that person, then sure, take a look at the photos or click on the link.”
Share information carefully. Consider encrypting any sensitive information you share via e-mail. Encrypting your mail prevents anyone from reading it except for the people you intend. There are several e-mail programs that can easily do this for you, although BlitzMail is not one of them.
Disclose your e-mail address only to people you trust. Some groups use automated tools to search Web sites for e-mail addresses they can sell.
Do not install unknown programs. They are a major source of malware and very difficult to remove.
And, finally, don’t assume protecting your computer from predators is someone else’s responsibility. The virus that afflicts you today may plague your friend, colleague, or boss tomorrow. “Ask not what your college can do to protect you,” quips Brown, “ask what you can do to protect your college by keeping your computer safe.” For more information, go to safecomputing.dartmouth.edu.
Retrieved from the Internet Archive, July 5, 2010.