[ISN] Rampant attacks on home PCs

From: InfoSec News (isnat_private)
Date: Fri Mar 29 2002 - 00:55:14 PST


    Wednesday, March 27, 2002
    PETALING JAYA: Users who have installed host-based firewall software
    on their home PC are beginning to notice an unusual number of
    attempted attacks on their home machine and are perplexed by it.
    The National ICT (Information Communication Technology) Security and
    Emergency Response Centre, or Niser (www.niser.org.my), said the
    attacks are largely due to "active scanning" by automated tools,
    started by people or run by malicious code, aimed at any computer
    connected to the Internet.
    "Until now, scans by old viruses such as CodeRed and NIMDA are still
    active although the number has dwindled compared to the first three
    months when the viruses were first detected last year," said Raja
    Azrina Raja Othman, Niser Assistant Director 1.
    (The CodeRed worm racked up damages in excess of US$2.6bil (RM9.9bil)
    worldwide, while the NIMDA virus spread like wildfire and infected
    over 2.2 million servers within a 24-hour period.)
    Host-based firewall software, which sits on the user's computer,
    monitors incoming and outgoing data traffic and will block out
    unauthorised access to the computer.
    "The active scanning probably has always been there, except it has
    been hardly noticed when host-based firewalls were not prevalent among
    PC users back then," she said.
    Active scanning on the Internet has been reported ever since hacking
    tools and Trojans became widely available in 1998, she told In.Tech.
    Also, certain Trojans, like Netbus or Subseven, make it easier for
    other malicious programs to breach a PC's security, Raja Azrina said.
    Viruses replicate themselves and spread to other computers via the
    Internet, e-mail, infected programs and floppy disks, and usually -
    but not always - cause some harm to their host.
    Trojans, unlike viruses, do not replicate themselves and require
    someone to plant them in your machine or send them to you via e-mail.
    Usually Trojans cause damage or compromise the security of the
    intended computer.
    Niser, set up by the National Information and Communication Technology
    Council (NITC) last year, works with government and private bodies to
    address security-related issues in the country.
    Niser was originally expanded from the Malaysian Computer Emergency
    Response Team (MyCERT), which was set up in 1997.
    However, security specialist Symantec Corp (M) Sdn Bhd (
    www.symantec.com.my ) said that consumers are becoming a bigger target
    because home computers are easier to break into.
    "Home computer users are houses with the doors and windows open
    whereas big corporations know that they are targets and have hired the
    appropriate IT staff to help 'lock' their machines from would-be
    hackers," said Gun Suk Ling, Symantec country manager for Malaysia and
    According to Gun, being a hacker no longer requires a lot of technical
    knowledge and one can easily download various hacking tools from the
    To gauge the extent of attacks on consumers, the company invited home
    computer users from the Sydney PC User Group in Australia to
    participate in its research programme.
    Research participants were given a copy of Symantec's Norton Internet
    Security and asked to carry on surfing the Internet as usual, while
    the software logged hacker activities without alerting the users.
    In the period of one month over which the research was conducted, the
    research participants recorded 1,199 attempted intrusions. And one
    person received 166 attacks in just 14 days, she added.
    According to statistics on Niser's website, viruses posed the biggest
    threat last year, with hacking attempts and intrusion coming in second
    and third respectively.
    Users can best protect themselves with a properly configured antivirus
    program or host-based firewall, said Gun, adding that most PCs sold
    these days should be bundled with antivirus software.
    "Antivirus software should not be a luxury item for PCs anymore; it is
    a necessity," Raja Azrina said.
    Antivirus software needs to be updated regularly and users need to be
    educated on basic do's and don'ts of protecting a PC, she said.
    For instance, users should practice caution when opening suspicious
    looking e-mail messages because a majority of malicious code travels
    and infects computers via e-mail attachments, she said.
    If users decide to rely on host-based firewalls, they need to do a
    certain amount of configuring to make sure they get optimum protection
    because some of this software does not offer much protection on default
    settings, she said.
    A properly configured host-based firewall will help prevent unwanted
    traffic from entering or leaving a PC even if the PC has been
    infected, she said.
    With these precautions it is safe to access the Net, but there is never
    a 100% guarantee because there have been and will always be new and
    innovative bugs that will find a security loophole in a PC, she said.
    Symantec said that while viruses remain the primary threat to online
    users, anti-virus software does not stop hackers from breaking into a
    "Hackers rely on a variety of tools to identify computers on the Net
    and to break into them and antivirus software would not stop that from
    happening," said Gun.
    "Every minute your computer is online, it's vulnerable to intrusions
    and information theft. That's true no matter what kind of Internet
    connection you have; therefore it is important to install an effective
    firewall and antivirus software for complete protection," she said.
    Symantec recommends using its Norton Personal Firewall 2002, which
    provides the most sophisticated technologies available to protect
    against Internet threats without sacrificing usability, she said.
    The software detects active scans and automatically blocks hackers
    from accessing the user's computer, and any suspicious goings-on within
    the computer are reported with a threat-level assessment to help users
    make the right choice, she said.
    One of the readers who sent an e-mail to In.Tech about the incessant
    attacks made on his PC wanted to know if it was possible to report the
    If a user finds many hacking attempts made on their machine, they can
    report the incidents to MyCERT at mycertat_private. They need to
    provide information relevant to the incident, such as the attacker's
    IP address and when the attacks occurred, she said.
    The information can be retrieved from most host-based firewalls, which
    dutifully keep track of all attacks in a log file.
    MyCERT will act as the intermediary in coordinating the response from
    various parties, including Internet Service Providers, law enforcement
    agencies and international incident response teams.
    A brief observation of the attack would also be helpful, she said,
    adding that users should read the article titled Incident Reports at
    Niser's website for detailed steps of the process.
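
As an added example of the reporting step described above (not part of the original article), this Python code extracts each attacker's IP address and the times of the blocked attempts from a firewall log. The log format, the sample lines and the function names are constructed for illustration; each real host firewall uses its own format.

```python
import re
from datetime import datetime

# Constructed sample in a hypothetical log format (not any real product's).
SAMPLE_LOG = """\
2002-03-27 08:14:02 BLOCK IN TCP 198.51.100.23:3312 -> 192.0.2.10:80
2002-03-27 08:14:05 BLOCK IN TCP 198.51.100.23:3313 -> 192.0.2.10:80
2002-03-27 09:02:41 ALLOW OUT TCP 192.0.2.10:1045 -> 203.0.113.5:80
2002-03-27 11:30:17 BLOCK IN TCP 203.0.113.77:4021 -> 192.0.2.10:12345
2002-03-27 11:30:19 BLOCK IN TCP 203.0.113.77:4022 -> 192.0.2.10:27374
truncated entry that does not parse
2002-03-28 02:45:00 BLOCK IN TCP 198.51.100.23:3999 -> 192.0.2.10:80
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<action>BLOCK|ALLOW) "
    r"(?P<dir>IN|OUT) (?P<proto>TCP|UDP) (?P<src>[\d.]+):\d+ -> "
    r"[\d.]+:(?P<dport>\d+)$"
)

def summarize(log_text):
    """Group blocked inbound attempts by source IP.
    Returns (summary, skipped) where skipped counts unparseable lines."""
    summary, skipped = {}, 0
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = LINE_RE.match(line)
        if not m:
            skipped += 1          # counted so the report can state what was left out
            continue
        if (m["action"], m["dir"]) != ("BLOCK", "IN"):
            continue              # outbound or permitted traffic is not reported
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        e = summary.setdefault(
            m["src"], {"count": 0, "first": ts, "last": ts, "ports": set()})
        e["count"] += 1
        e["first"], e["last"] = min(e["first"], ts), max(e["last"], ts)
        e["ports"].add(f"{m['proto']}/{m['dport']}")
    return summary, skipped

def format_report(summary, tz_label):
    """One line per source IP, busiest first; tz_label states the log's time zone."""
    rows = sorted(summary.items(), key=lambda kv: -kv[1]["count"])
    return "\n".join(
        f"{ip} attempts={e['count']} first={e['first']} last={e['last']} "
        f"{tz_label} ports={','.join(sorted(e['ports']))}"
        for ip, e in rows)

if __name__ == "__main__":
    summary, skipped = summarize(SAMPLE_LOG)
    print(format_report(summary, "UTC+8"))
    print(f"unparsed lines: {skipped}")
```

Stating the time zone alongside the timestamps lets the response team match the entries against an ISP's own records.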