
news

on user’s seasonal sensibilities in order to propagate itself.

The Sophos charts do show that script viruses are the most malignant: they account for only 6% of viruses but for a massive one in three infections.

2000 also saw some hit and miss virus-related prosecutions: the author of Melissa is still awaiting a resolution in his case, despite having pleaded guilty, while the writer of the Love Bug has walked free in the Philippines, due to the lack of legislation in his country.

W2K Prolin worm recommends Linux

An Outlook worm, Prolin, carries a payload which moves files and changes their names by adding the string “change at least now to LINUX”. It masquerades as a Shockwave Flash movie called CREATIVE.EXE.

Prolin runs best on the Windows 2000 operating system, where MSVBVM60.DLL (the Visual Basic 6.0 run-time library) is present by default. It can run on 95/98 only if that file has been installed manually.

The worm’s payload is to move all ZIP, MP3 and JPG files stored on the hard drive to C:\ and to append the string to their filenames.

Kaspersky Labs has classified it as medium risk because it makes no irreversible changes to files.

However, the files can sometimes be lost anyway, for example through lack of hard disk space or by exceeding the number of entries the root directory of a FAT volume can hold, so if encountered it is best to treat this worm with caution.

Prolin hails from Poland. Its author goes by the handle of ‘the penguin’.

Users taught facts of life online

Safe computing seems to have become the new safe sex. Groups including security firms, anti-virus vendors and governments are promoting protection through education and the use of common sense.

Such tactics are spelled out in a guide from F-Secure aimed at PC users. F-Secure’s research and development labs have recently discovered many new viruses, particularly worms.

There has also been a spate of attacks involving worms such as Navidad and Hybris which propagate themselves using MS Outlook or Outlook Express. F-Secure advises users to download a security patch from Microsoft to stop this happening, and to configure Windows to always show file extensions so that malicious programs cannot pass themselves off as innocent file types.

Other advice was to avoid:

• Attachments with double file-types (FILE.TXT.EXE)

• VBS, SHS or PIF files, as there is rarely a legitimate reason for sending such files as attachments

• Unsolicited E-mail with Web links or attachments

• Attachments with sexual names (PORN.PIF)

• Downloading anything from strangers in a chat-room or on public newsgroups
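The attachment rules above can be applied mechanically at a mail gateway or in a client-side filter. The following is an added example, not code from F-Secure or from the article: it screens attachment filenames for the double-extension trick, the VBS/SHS/PIF types and, as an assumption added here, the other Windows executable types and the whitespace-padding variant of the same disguise. The sample filenames are constructed (two of them are the names the article itself mentions).

```python
import re

# Added example, not from F-Secure's guide. The page names VBS, SHS, PIF and
# the FILE.TXT.EXE pattern; EXE, SCR, BAT, COM, JS and the whitespace-padding
# check are assumptions added here for completeness.
RISKY_EXTENSIONS = {"exe", "vbs", "shs", "pif", "scr", "bat", "com", "js"}
BENIGN_EXTENSIONS = {"txt", "jpg", "jpeg", "gif", "doc", "xls", "zip", "mp3", "pdf"}

# Windows registers .shs, .pif and .lnk with NeverShowExt, so Explorer hides
# these extensions even when "show file extensions" is switched on; a filter
# must not rely on the user ever seeing them.
ALWAYS_HIDDEN = {"shs", "pif", "lnk"}


def classify_attachment(filename):
    """Return the list of reasons an attachment name looks like a disguised
    executable; an empty list means nothing suspicious was found."""
    reasons = []
    parts = [p.strip() for p in filename.lower().split(".")]
    if len(parts) < 2 or not parts[-1]:
        return reasons
    exts = parts[1:]
    last = exts[-1]
    if last in RISKY_EXTENSIONS:
        reasons.append(f"executable type .{last}")
    if last in ALWAYS_HIDDEN:
        reasons.append("extension hidden by Explorer even with extensions shown")
    # FILE.TXT.EXE: a benign-looking extension followed by an executable one.
    if len(exts) >= 2 and exts[-2] in BENIGN_EXTENSIONS and last in RISKY_EXTENSIONS:
        reasons.append("double extension disguising executable")
    # "photo.jpg          .exe": padding pushes the real extension out of view.
    if re.search(r"\s{2,}\.", filename):
        reasons.append("whitespace padding hides real extension")
    return reasons


def screen_attachments(names):
    """Return {name: reasons} for every attachment that should be blocked or quarantined."""
    flagged = {}
    for name in names:
        reasons = classify_attachment(name)
        if reasons:
            flagged[name] = reasons
    return flagged


# Constructed sample attachment names, including the two the article mentions.
SAMPLE_ATTACHMENTS = [
    "CREATIVE.EXE",
    "FILE.TXT.EXE",
    "PORN.PIF",
    "holiday.jpg",
    "report.doc",
    "photo.jpg          .exe",
    "notes.vbs",
]

if __name__ == "__main__":
    for name, reasons in screen_attachments(SAMPLE_ATTACHMENTS).items():
        print(f"{name!r}: {'; '.join(reasons)}")
```

The check on the final extension is deliberately independent of the "show extensions" setting: for .shs and .pif Windows suppresses the extension display regardless, which is precisely why F-Secure's advice singles those types out.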

It is to be hoped that F-Secure’s common sense advice will be heeded and that users will become aware of some of the common tricks that virus writers use to sucker people into allowing the propagation of malicious code.

See www.f-secure.com.

How to keep passwords secret

A recent report from Signify spells out the five main methods used to crack traditional password authentication.

The problem with passwords, it seems, is that authenticating solely by ‘something you know’ is flawed: if you know it, then others may be able to find it out.

The top five malicious means, according to Signify’s guide, “Cracking the password problem”, are:

1. Shoulder snooping — Modern manners dictate that colleagues should look away when login is occurring. Airbus has gone as far as to ban its executives from working on projects while travelling by air, after one manager admitted to being able to snoop on sensitive information on the laptop of someone sitting next to him!

2. Guessing — Human nature is to pick a password which is easy to remember; often this is also easy to guess. Tools called dictionaries can also be used to try all common passwords. Signify suggests combating dictionary attacks by forcing users to select alpha-numeric passwords, although crackers apply mangling rules (appended digits, letter-for-digit substitutions) to every dictionary word, so such a rule raises the bar only slightly: length and unpredictability matter more than character class.

3. Cracking — Even if your password policy is well administered, a password cracker such as L0phtCrack, which can capture Windows password hashes off the network and crack them offline, is still likely to break about 90% of passwords. Network managers should use these tools to audit their own systems, and use the results to persuade management to invest in strong two-factor authentication.

4. Keyboard tapping — Again, this is achieved using a tool. PC Anywhere (a legitimate remote-control product) and the NetBus and Back Orifice remote-access Trojans are popular tools for gaining remote access across a LAN or WAN. Intrusion detection coupled with anti-virus software is the best protection, says Signify.

5. Virus infection — Trojan horses are the most popular method of stealing passwords. Anti-virus software is the best line of defence.
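Items 2 and 3 above both come down to the same offline attack: hash every dictionary word and its mangled variants, and compare against the stored hashes. The following is an added example, not code from Signify's guide or from L0phtCrack, that runs such an attack against a constructed set of users. SHA-1 stands in for the unsalted LM/NTLM hashes a Windows cracker would target (the point is a fast, unsalted hash, not the algorithm); the users, passwords and wordlist are constructed, and the "alpha-numeric" rule is implemented as the article describes it, at least one letter and one digit.

```python
import hashlib

# Added example, not from Signify or L0phtCrack. SHA-1 is an assumption
# standing in for LM/NTLM; users, passwords and wordlist are constructed.
SAMPLE_USERS = {
    "alice": "secret",
    "bob": "Password1",
    "carol": "l3tm31n",
    "dave": "7gK#x!pQ2vLm",   # long and random: should survive the attack
}

WORDLIST = ["password", "secret", "letmein", "welcome", "admin"]

# Letter-for-digit substitutions a rule-based cracker applies.
LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"})


def digest(password):
    """Unsalted, fast hash: the property that makes offline cracking cheap."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


STORED_HASHES = {user: digest(pw) for user, pw in SAMPLE_USERS.items()}


def meets_alnum_policy(password):
    """The 'alpha-numeric' rule from the article: at least one letter and one digit."""
    return any(c.isalpha() for c in password) and any(c.isdigit() for c in password)


def candidates(word):
    """Yield the dictionary word plus the mangled forms a cracker tries:
    case changes, leetspeak substitutions and appended digits 0-99."""
    forms = {word, word.capitalize(), word.upper()}
    forms |= {f.translate(LEET) for f in list(forms)}
    for form in forms:
        yield form
        for n in range(100):
            yield f"{form}{n}"


def crack(stored, wordlist):
    """Offline attack: each candidate is hashed once and looked up against
    every stored hash, so one cheap hash tests all accounts at a time."""
    targets = {}
    for user, h in stored.items():
        targets.setdefault(h, []).append(user)
    found = {}
    for word in wordlist:
        for cand in candidates(word):
            for user in targets.get(digest(cand), []):
                found.setdefault(user, cand)
    return found


def audit(stored, wordlist):
    """Return the cracked accounts and the percentage of accounts broken,
    the figure a network manager would put in front of management."""
    found = crack(stored, wordlist)
    return found, round(100 * len(found) / len(stored))


if __name__ == "__main__":
    found, pct = audit(STORED_HASHES, WORDLIST)
    for user, pw in found.items():
        policy = "passes" if meets_alnum_policy(pw) else "fails"
        print(f"{user}: {pw!r} ({policy} the alpha-numeric rule)")
    print(f"{pct}% of accounts cracked")
```

Two of the three cracked passwords, "Password1" and "l3tm31n", satisfy the alpha-numeric rule, which is why an audit of this kind is a better argument for two-factor authentication than any complexity policy: the attack costs one hash computation per candidate whatever the policy says, and only the long random password survives it.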

As Signify is an authentication service provider, it is hardly surprising that it should issue such warnings. However, the points it makes are valid, and the information seems to be needed by decision makers: according to a survey by consultants Barron McCann, 92% of IT managers favoured passwords as the best protection against data thieves.

Graham Welch from RSA commented, “Everyone knows internal thieves are the largest risk to any company. IT directors should take responsibility over security and implement strong protection against crooks.”

Analysts have stated that tokens and smart cards will become more common once the hardware is in place.

See www.signify.com.


Management News

JanCFSB 1/11/01 10:17 AM Page 3
