Worms on the Internet
On September 18, 2001, another kind of terrorist attack was underway world-wide: from Norway to the U.S. to Australia. The attack took the form of a worm which clogged computer networks and struck again at Microsoft's weak security in its products. While the world was focused on the news of the catastrophes at the World Trade Center and the Pentagon, some hackers unleashed the "Nimda" program, and Windows computers and servers across the globe began failing. The attack was so severe that some computer security experts urged us not even to surf the Internet until we had updated our anti-virus programs.
I am in the Internet business and am connected 24/7 via DSL in Sandpoint. On the morning of Tuesday the 18th, after I discovered I wasn't getting all my e-mail and my web sites weren't coming up, I sent an e-mail to my server company. Here is what they told me, "We understand you are experiencing major problems with http connections and email on your servers. Originally we thought the problem was related to internal switching issues, but we have learned there is an internet wide issue with code red variant virus attacks. Though our servers are not susceptible to the virus itself, we are experiencing major issues with the http connections and email due to the server load caused by these attempts." My sites weren't the only ones down, and I was amazed at how many well-known sites were unavailable. Soon, news stories began to appear on the Internet about Nimda.
Here is a sample of the Internet headlines from several major news and technology news sites on September 18th:
CNN.com: Aggressive new worm threatens Web users (4:44 PM EDT)
SiliconValley.com: Ashcroft Warns of new Internet worm said to be worse than 'Code Red' (3:44 PDT), Fast-spreading 'Nimda' worm targets networks (8:46 PM PDT)
ZDNet.com: Nimda hits Windows and Web systems (no time).
Over the next few days there were some web servers down for a few hours, but by Friday, things were almost back to normal. The concern is that these Internet/computer attacks will be worse in the future, and may be targeted at strategic and vital services such as hospitals, power grids and banks. The FBI immediately began investigating Nimda. Although the FBI could find no link between this cyberterrorism and the events of September 11, the NIPC (National Infrastructure Protection Center) released an advisory on the 18th regarding Nimda. Both the FBI and NIPC continue to analyze the worm.
Hackers, who were once considered merely a nuisance, will now be known as cyber-terrorists. I think they will be taken more seriously in the future, as we have realized that terrorism of any sort cannot be tolerated in our world. What can we do as computer users to protect our computers and data? More importantly, is there anything we can do to prevent such attacks from escalating to the point where web and mail servers are unable to function for hours (or days) at a time? This is an important issue since our economy depends on the Internet as more and more businesses use it for communications, document transfers, sales and support.
The good news is there are several things we can do. Businesses especially should consider Linux servers, and possibly Apple Macintosh computers. Both the Linux and Macintosh operating systems are more cleanly written and more secure than Windows. Keep in mind that Code Red and Nimda only attacked and spread through Microsoft products: both Windows operating systems and Outlook e-mail clients on PCs.
Regardless of which computer or operating system you use, you should have, use and update your virus protection software. In the past, virus protection programs running constantly have been a pain to those of us in the graphics business, because they slowed our machines down. Now, RAM is cheap - buy more - and if you're not sure when to scan files for viruses, leave the auto-protect feature ON. Here are sources on the Internet for virus protection and information:
CentralCommand.com: makers of AntiVirus Expert, free online scanning and removal tools available. Wintel/PC only.
Symantec.com/avcenter/: makers of Norton AntiVirus, Personal Firewall and Privacy Control, free online security check and removal tools, glossary of Internet security terms, virus dictionary. Macintosh and Wintel/PC.
McAfee.com/antivirus/: makers of VirusScan and Personal Firewall, online virus map, news and calendar. Macintosh and Wintel/PC.
The products above can be purchased from any computer software dealer or office superstore. Many discount stores also carry these products. Be sure to check those web sites regularly for updates, and sign up for their free e-mail alerts. If you have several computers, make sure all of them are protected and regularly updated.
Now comes the really hard part of your work to prevent the spread of these attacks. You must change the way you send and receive e-mail, especially when using Microsoft Outlook and Outlook Express. Even if you're only sending personal e-mail, your e-mail with huge attachments can clog mail servers, especially if your e-mail contains a virus. The first sending rule is never attach something you can provide as a web site link. If you find something on a web site, just copy the address, including the http:// and paste into the body of your e-mail. The recipient of your e-mail need only click on the address in the e-mail to be taken to the web site. The second rule is never attach a word processing document from which you could copy and then paste the text into an e-mail. The third rule is about communication: if you are sending attachments to colleagues or other businesses, let them know by phone, e-mail or fax, prior to sending the e-mail with the attachment.
My policy since September 18 has been to delete, without reading, all e-mails with attachments, unless I was expecting the attachment. I even delete those from people I know. I am aware of several people who've gotten viruses from their "friends."
Although I am not a fan of Netscape, and haven't been since the AOL buyout, the more research I do, the more I can understand why those interested in security would use Communicator for a browser and e-mail client. I find the e-mail software extremely limiting however, and recommend Eudora as an alternative to Outlook Express.
Since I have a DSL connection for the Internet, I use firewall software for my single Macintosh. I need a firewall because my "always on" connection lets my computer be recognized as a web server, and there are always others looking to access web servers. My firewall software provides me with a report showing all attempts to access my computer. Normally, I would have 20-25 access attempts per day. Since the 18th, I've been averaging over 80 attempts per day. This morning, I had 54 in a two-hour period. So, anyone using or considering a high-speed connection to the Internet should know that a hardware firewall is essential for a network of computers, and highly recommended for even a stand-alone computer.
Since September 11, we have all become more vigilant about security. Our vigilance must extend to Internet activities as well.
Laura Bry is the owner/operator of Sandpoint Macs. You can reach her at [email protected]