http://star-techcentral.com/tech/story.asp?file=/2002/3/27/technology/27hac&sec=technology
By M. MADHAVAN
Wednesday, March 27, 2002

PETALING JAYA: Users who have installed host-based firewall software on their home PCs are beginning to notice an unusual number of attempted attacks on their machines and are perplexed by it.

The National ICT (Information Communication Technology) Security and Emergency Response Centre, or Niser ( www.niser.org.my ), said the attacks are largely due to "active scanning" by automated tools, initiated by humans or run by malicious code, targeted at any computer connected to the Internet.

"Until now, scans by old viruses such as CodeRed and NIMDA are still active although the number has dwindled compared to the first three months when the viruses were first detected last year," said Raja Azrina Raja Othman, Niser Assistant Director 1.

(The CodeRed worm racked up damages in excess of US$2.6bil (RM9.9bil) worldwide, while the NIMDA virus spread like wildfire and infected over 2.2 million servers within a 24-hour period.)

Host-based firewall software, which sits on the user's computer, monitors incoming and outgoing data traffic and will block unauthorised access to the computer.

"The active scanning probably has always been there, except it has been hardly noticed when host-based firewalls were not prevalent among PC users back then," she said.

Active scanning on the Internet has been reported ever since hacking tools and Trojans became widely available in 1998, she told In.Tech.

Also, certain Trojans, like Netbus or Subseven, make it easier for other malicious programs to breach a PC's security, Raja Azrina said.

Viruses replicate themselves and spread to other computers via the Internet, e-mail, infected programs and floppy disks, and usually - but not always - cause some harm to their host.

Trojans, unlike viruses, do not replicate themselves and require someone to plant them in your machine or send them to you via e-mail.
Usually Trojans cause damage or compromise the security of the intended computer.

Niser, set up by the National Information and Communication Technology Council (NITC) last year, works with government and private bodies to address security-related issues in the country. Niser was originally expanded from the Malaysian Computer Emergency Response Team (MyCERT), which was set up in 1997.

However, security specialist Symantec Corp (M) Sdn Bhd ( www.symantec.com.my ) said that consumers are becoming a bigger target because home computers are easier to break into.

"Home computer users are houses with the doors and windows open whereas big corporations know that they are targets and have hired the appropriate IT staff to help 'lock' their machines from would-be hackers," said Gun Suk Ling, Symantec country manager for Malaysia and Indonesia.

According to Gun, being a hacker no longer requires a lot of technical knowledge and one can easily download various hacking tools from the Internet.

To gauge the extent of attacks on consumers, the company invited home computer users from the Sydney PC User Group in Australia to participate in its research programme.

Research participants were given a copy of Symantec's Norton Internet Security and asked to carry on surfing the Internet as usual, while the software logged hacker activities without alerting the users.

In the period of one month over which the research was conducted, the research participants recorded 1,199 attempted intrusions. And one person received 166 attacks in just 14 days, she added.

According to statistics on Niser's website, viruses posed the biggest threat last year, with hacking attempts and intrusion coming in second and third respectively.

Users can best protect themselves with a properly configured antivirus program or host-based firewall, said Gun, adding that most PCs sold these days should be bundled with antivirus software.

"Antivirus software should not be a luxury item for PCs anymore; it is a necessity," Raja Azrina said.

Antivirus software needs to be updated regularly and users need to be educated on the basic do's and don'ts of protecting a PC, she said.

For instance, users should practise caution when opening suspicious-looking e-mail messages because a majority of malicious code travels and infects computers via e-mail attachments, she said.

If users decide to rely on host-based firewalls, they need to do a certain amount of configuring to make sure they get optimum protection, because some of this software does not offer much protection on default settings, she said.

A properly configured host-based firewall will help prevent unwanted traffic from entering or leaving a PC even if the PC has been infected, she said.

With these precautions it is safe to access the Net, but there is never a 100% guarantee because there have been and will always be new and innovative bugs that will find a security loophole in a PC, she said.

Symantec said that while viruses remain the primary threat to online users, antivirus software does not stop hackers from breaking into a computer.

"Hackers rely on a variety of tools to identify computers on the Net and to break into them and antivirus software would not stop that from happening," said Gun.

"Every minute your computer is online, it's vulnerable to intrusions and information theft. That's true no matter what kind of Internet connection you have; therefore it is important to install an effective firewall and antivirus software for complete protection," she said.

Symantec recommends using its Norton Personal Firewall 2002, which provides the most sophisticated technologies available to protect against Internet threats without sacrificing usability, she said.
The software detects active scans and automatically blocks hackers from accessing the user's computer, and any suspicious goings-on within the computer are reported with a threat-level assessment to help users make the right choice, she said.

One of the readers who sent an e-mail to In.Tech about the incessant attacks made on his PC wanted to know if it was possible to report the attacks.

If users find many hacking attempts made on their machines, they can report the incidents to MyCERT at mycertat_private. They need to provide information relevant to the incident, such as the attacker's IP address and when the attacks occurred, she said.

The information can be retrieved from most host-based firewalls, which dutifully keep track of all attacks in a log file.

MyCERT will act as the intermediary in coordinating the response from various parties, including Internet Service Providers, law enforcement agencies and international incident response teams.

A brief observation of the attack would also be helpful, she said, adding that users should read the article titled Incident Reports at Niser's website for detailed steps of the process.