Another Type Of Virus Hits The World (And Gets Microsoft No Less)
M. Reed - November 9, 2000
Event Summary
A number of anti-virus vendors, including Trend Micro and Computer Associates, have warned of a virus with a new approach. It is known variously as QAZ.TROJAN or QAZ.WORM, and was officially renamed to W32.HLLW.Qaz.A in September. The virus enters via unprotected shared drives and replaces the Notepad.Exe application (there have been occasions where Notepad was not the victim). The virus then provides a backdoor to outside intruders, in effect giving them remote control over the computer that has been infected.
According to Simon Perry, vice president of security solutions at Computer Associates, "While CA's InoculateIT (based on a product acquired from Cheyenne) has provided protection against Qaz.Trojan since August, the Microsoft attack underscores the requirement for users to ensure that virus signatures are maintained to avoid critical data being hijacked." (A Microsoft spokesman issued a press release on October 27 stating that "no source code was compromised" during the virus attack.)
Note that the drive does not have to be "mapped" to any other machine; the virus will spread to any machine it finds where the Windows directory is shared.
Interestingly, once the machine is infected, the virus attempts to send the infected computer's IP address to an e-mail address in China. You never know where these viruses will come from; Bulgaria used to be a very popular germination site.
Market Impact
This event simply underscores the importance of eternal vigilance on the part of system administrators and PC users. Education may prove to be the key, since many people do not know that:
- Anti-virus software virus identification strings do not update themselves. Thus, the machine is susceptible to newer variants of the original virus ("QAZ" already has at least four variants). The cure for this problem is that most current anti-virus software will automatically either dial in to the vendor or connect via the Internet and update the strings on a scheduled basis. Unfortunately, this is often defeated because users don't have a persistent Internet connection, or turn off the machine during the period during which it is scheduled to update.
- Many users turn off the anti-virus software because they believe it slows down their machine. This can be resolved by settings in the anti-virus software as to what file extensions should be examined during the scan. We will not list all the permutations here, but at the least, data files should only be scanned monthly (.TXT, .WRI, etc.).
- However, many users do not have anti-virus software installed at all! Too expensive, don't see the need, the list is virtually endless. Users should purchase and install anti-virus software on every machine they control. The software should be able to detect viruses that are still "in the wild". Many new viruses are written and distributed every day. An "in the wild" virus is one which has been discovered but not yet cured, or the cure has not yet been distributed.
User Recommendations
Here are some suggestions to protect your machines. They mostly pertain to this specific virus and are not comprehensive. The user community should observe the following rules as if they were written in stone:
- NEVER share the Windows directory or the root of the C drive (or the root of any other drive for that matter).
- Any shared drives which you do allow should have specific permissions for specific users and an assigned password.
- Update your virus strings from your anti-virus vendor at least weekly.
- USE your anti-virus software!
- Read the manual and/or on-line documentation which comes with your anti-virus software. It contains many more useful tips to protect your data.
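A check for the first rule above, as an added example that is not part of the original article: it reads a share inventory and reports any share whose path is a drive root, the Windows directory, or a parent of it. The CSV layout (Name and Path columns), the `C:\Windows` default, the function names and the sample rows are assumptions constructed for illustration.

```python
import csv
import re
from pathlib import PureWindowsPath

# Assumption: default Windows directory; pass the real %SystemRoot% when auditing.
WINDOWS_DIR = PureWindowsPath(r"C:\Windows")
# Built-in administrative shares (C$, D$, ADMIN$, IPC$) are created by the OS.
ADMIN_SHARE = re.compile(r"^([A-Z]|ADMIN|IPC)\$$", re.IGNORECASE)

# Constructed sample inventory, not taken from any real host.
SAMPLE = """Name,Path
C$,C:\\
ADMIN$,C:\\WINDOWS
WIN,c:\\windows\\
ROOT,D:\\
Reports,D:\\Data\\Reports
"""


def classify_share(path_str, windows_dir=WINDOWS_DIR):
    """Return why a shared path is risky, or None if it is acceptable."""
    path = PureWindowsPath(path_str.strip())
    if not path.drive:
        return None  # no local path, e.g. IPC$ or a print queue
    if len(path.parts) == 1:
        return "drive root"
    # PureWindowsPath compares case-insensitively and ignores a trailing backslash.
    if path == windows_dir:
        return "Windows directory"
    if path in windows_dir.parents:
        return "parent of the Windows directory"
    return None


def audit_shares(csv_text, windows_dir=WINDOWS_DIR, include_admin=False):
    """Return (name, path, reason) for each risky share in a Name,Path CSV."""
    findings = []
    for row in csv.DictReader(csv_text.splitlines()):
        name, path = row["Name"].strip(), row["Path"].strip()
        if ADMIN_SHARE.match(name) and not include_admin:
            continue
        reason = classify_share(path, windows_dir)
        if reason:
            findings.append((name, path, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_shares(SAMPLE):
        print(*finding, sep="  ")
```

The built-in administrative shares are skipped by default because the operating system creates them; pass `include_admin=True` to list them as well.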
Evaluate the available anti-virus products before you purchase. Where possible, choose a package with heuristic capabilities (the product does not only search for strings, it also watches for virus behaviors). A short list of vendors to be considered would be Computer Associates, F-Secure, Network Associates (3 different packages), Norman, Symantec (which now owns Norton Anti-Virus, currently the best selling package on the market), and Trend Micro.