A worm is a self-replicating virus that does not alter files but resides in active memory and duplicates itself.

Worms use parts of an operating system that are automatic and usually invisible to the user.

It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.

What Is A Trojan Horse?

Trojan horses are malicious programs disguised as something benign. They’ve been known to pose as games, utilities, and email attachments. Once opened, Trojan horses act much differently than you expect. Some merely annoy, sending emails to everyone in your address book. Others do serious damage, to the point of stealing passwords and data files. Unlike viruses, Trojan horses are not self-replicating.

Active Trojan horses are an advanced type of Trojan horse. They use unprotected ports to open lines of communication with your computer, and they can ultimately give hackers control over your machine. Active Trojan horses are also called Remote Access Trojans.

Looking for a good read? Check out the FBI’s 2005 Computer Crime Survey at www.fbi.gov. After surveying over 2000 small and large private and public organizations in the Unites States, the FBI found:

Frequency of attacks. Nearly nine out of 10 organizations experienced computer security incidents in a year’s time; 20% of them indicated they had experienced 20 or more attacks.

Types of attacks. Viruses (83.7%) and spyware (79.5%) headed the list. More than one in five organizations said they experienced port scans and network or data sabotage.

Financial impact. Over 64% of the respondents incurred a loss. Viruses and worms cost the most, accounting for $12 million of the $32 million in total losses.

Sources of the attacks. They came from 36 different countries. The U.S. (26.1%) and China (23.9%) were the source of over half of the intrusion attempts, though masking technologies make it difficult to get an accurate reading.

Defenses. Most said they installed new security updates and software following incidents, but advanced security techniques such as biometrics (4%) and smart cards (7%) were used infrequently. In addition, 44% reported intrusions from within their own organizations, suggesting the need for strong internal controls.

Reporting. Just 9% said they reported incidents to law enforcement, believing the infractions were not illegal or that there was little law enforcement could or would do. Of those reporting, however, 91% were satisfied with law enforcement’s response. And 81% said they’d report future incidents to the FBI or other law enforcement agencies.

Conclusion: Computer crime is serious and every company must give it high priority.

So if I were the bad guy wanting to pillage, your company’s proprietary information, here’s how I might do it:

Tap your wireless network. Despite all the warnings, many companies so not protect their wireless networks. The router’s login and password are the same factory defaults and no one bothered to use the built-in encryption. Danger: I can access your files.

Send email containing a payload. If I can just get someone to click on the attachment, then I’m in. I can remotely record all keystrokes from the infected machine, including logins and passwords and email communications.

Send an email which looks official. In this case, I impersonate your bank, for example, with an official looking email which includes some call to action, like “Please take care of this now or the account will be closed.” I may ask for logins and passwords or just entice the user to click on a link. Most organizations don’t teach their employees about such tricks. They are easy victims.

Call and pretend to be “Barry upstairs in tech support”. This tactic is called social engineering. You may have never heard of “Barry”. Neither have your employees. They just want their computer to work well. Barry to the rescue. Again, the employee doesn’t know any better. There goes a network login and everything else on that network.

Hire the janitor. Most computer crime comes from within the company. Known as the ‘triangle of opportunity’, an employee – for whatever reason – feels he’s been victimized, they are owed something in return, and there’s a good chance he can get away with it. If I can gain physical access to a computer, I can quickly and easily install hardware that will record everything done on that computer and email me hourly reports. Game over.

For more info, please checkout www.infragard.net. Feel free to email (help@supergeeks.net) or call me (808.942.0773) if I can help with anything. And no attachments, please!

DO
• Use a password with mixed-case letters. Use uppercase letters throughout the password.
• Use a password that contains alphanumeric characters and include punctuation, where supported by the operating system.
• Use a password with mixed-case letters. Do not just capitalize the first letter, but add uppercase letters throughout the password.
• Use at least six characters, eight characters for Windows NT.
• Use a seemingly random selection of letters and numbers.
• Use a password that can be typed quickly, without having to look at the keyboard. This makes it harder for someone to steal your password by looking at your keyboard (also known as “shoulder surfing”).
• Change passwords regularly. The more critical an account to network integrity (such as root on a Unix host or Administrator on Windows NT), the more frequently the password should be changed. This change stops someone who has already compromised an account from continued access.

DO NOT
• Use a network login ID in any form (reversed, capitalized, or doubled as a password).
• Use your first, middle or last name or anyone else’s in any form. Do not use your initials or any nicknames you may have or anyone else’s.
• Use a word contained in English or foreign dictionaries, spelling lists, or other word lists and abbreviations.
• Use other information easily obtained about you. This includes pet names, license plate numbers, telephone numbers, identification numbers, the brand of your automobile, the name of the street you live on, and so on. Such passwords are very easily guessed by someone who knows the user.
• Use a password of all numbers, or a password composed of alphabet characters. Mix numbers and letters.
• Use dates e.g., September, SEPT1999 or any combination thereof.
• Use keyboard sequences, e.g., qwerty.
• Use a sample password, no matter how good, that you’ve gotten from a book that discusses information and computer security.
• Use any of the above things spelled backwards, or in caps, or otherwise disguised.
• Write a password on sticky notes, desk blotters, calendars, or store it online where it can be accessed by others.
• Use shared accounts. Accountability for group access is extremely difficult.
• Reveal a password to anyone.

SUGGESTIONS
Common suggestions for constructing seemingly random passwords are:
• Use the first letter of each word from a line in a book, song, or poem. For example: “Who ya gonna call? Ghost Busters!” would produce “Wygc?GB!”
• Use the output from a random password generator. Select a random string that can be pronounced and is easy to remember. For example, the random string “adazac123″ can be pronounced a-da-zac, and you can remember it by thinking of it as “A-to-Z,1 through 3.” Add uppercase letters to create your own emphasis, e.g., aDAzac.2
• Use two short words connected by punctuation, e.g., T1me#0ff
• Use numbers and letters to create an imaginary vanity license plate password, e.g., 1H8work!

A common theme of these suggestions is that the password should be easy to remember. Avoid passwords that must be written down to be remembered. If unrecallable, someone in your office may find the password you have written down, and compromise your network identity.
These guidelines and suggestions should enable you to choose strong passwords that will help you improve the security of your system.

Additional Notes:
The CERT/CC (Computer Emergency Response Team / Coordination Center), a federally funded organization based at Carnegie Mellon University, estimates that 80% of all network security problems are caused by bad passwords; therefore, good passwords are the simplest, and most important part of information security.

The virus du jour (Conficker worm) has come and – well – stayed! The much anticipated April 1st date of doom and gloom seems to have been a false alarm. Yet some 10 million computers remain infected by a masterfully crafted virus with unknown intentions.

We can expect more of the same.

Cybercrime is very profitable. A recent study by security firm Finjan estimates a single hacker can make as much as $10,800 a day exploiting systems, or $3.9 million a year.

With numbers like that, it’s not surprising hacking is attracting the brightest minds in the industry as well as the most sophisticated organized crime syndicates. Indeed, hacking is now considered as lucrative as drug trafficking and prostitution.

Yuval Ben-Itzhak, Finjan’s chief technology officer, said: “Cybercrime today is a very, very big business and those behind Conficker have spent a lot of money organizing, writing code and securing these machines so they will be looking for a return soon.

“This type of cybercrime activity is here to stay and will grow because there is so much money involved and it’s hard to get caught.”

Compromised computers are typically harnessed at-will by cybercriminals to send spam, collect confidential information, and to extort money from websites. In this case of extortion, an online business is forced to pay ‘protection’ or risk having the business’ site go down for hours or even days as a result of those 10 million compromised computers trying to access it at the same time. How much do you think a successful online gambling operation is willing to pay for ‘protection?’

Some interesting facts from Symantec:
• A data breach can increase customer turnover by as much as 11%
• Nearly 60% of corporate information resides on unprotected desktops and laptops
• Spam accounts for 80% of the worldwide email
• Poor system configuration is directly responsible for 65% of all system weaknesses
• Over 85% of corporate systems are not backed up

Bottom line: We should continue to embrace the internet and computing, in general, but do so with an abundance of caution. Be sure to keep your security software is updated, be vigilant and refrain from dangerous online activities, like downloading bootleg music. And by the way, Macs still remain relatively unscathed from such attacks…