TECH TALK

Posted on Jan 27 2005

Virus/Antivirus

If you’ve been feeling under siege lately from computer viruses and worms, you’re not paranoid. Yes, the authors of this malicious code really are out to get you, and with increasing frequency. Apparently, they’re out to get each other, too.

The makers of antivirus software have discovered taunting messages buried in the code of several worms currently plaguing the online world. It appears the authors of the Beagle, MyDoom and Netsky variants are trying to one-up each other in a virus-writing war.

For example, found inside Netsky.F are the words “Beagle – you are a looser!!!!” In turn, recent MyDoom and Beagle worms include messages for Beagle’s author, saying his or her actions will “ruin our business” and threatening, “wanna start a war?”

And the war appears to be well under way. Antivirus companies report that the pace of release of new versions of these worms is quickening, forcing them to scramble to issue updates for their scanning products.

All of these worms are propagated via email, arriving as an attachment to messages that entice users to open them. Beagle worms warn about some kind of problem with the way you use your computer: subscription expiration, a problem with a paid account, or a system administrator’s alert. Netsky and MyDoom usually make reference to some type of document, such as a Word, Excel, music or picture file. Some variants of MyDoom also mock Microsoft, with a subject line that reads, “micro$oft must die. Support us!”

Of course, viruses and worms dispatched via email would not be a problem if clueless users didn’t click on the attachments in the first place. Yes, virus writers are scum who deserve whatever maximum punishment the law allows. But those who, after countless warnings, still click on attachments they’re not expecting—or who don’t run up-to-date antivirus software that would catch this junk—bear much of the blame.

There have even been calls for an “Internet driver’s license,” in which users would have to prove they know what they’re doing before being granted access to the online world.

The argument for that idea goes something like this: A computer network is a combination of various users’ resources, shared for the benefit of all. It is, in other words, a community. Each member of the network community has a responsibility to behave in a manner that won’t disrupt or harm others.

When a user clicks on a virus, that’s not simply damaging one computer—and with some stealthy viruses, the infection may not be readily apparent. Rather, because most modern viruses try to spread via email, that action puts at risk everyone whose address is found on the infected PC.

There are more complications. Viruses emailed to corporate addresses can trigger an alert to the sender from firewall-based antivirus software. Because most viruses that spread by email falsify the sender’s address, those alerts are more than useless. They can clog up mail servers and render inboxes unusable.

And speaking of responsible network behavior: Although many system administrators have figured out that this feature of corporate antivirus software is a menace, not enough have. If you’re in charge of your company’s computer security and you’ve got virus alert notifications to senders turned on, stop reading this and go disable it. Now. We’ll wait for you to return.

Finally, many of the current crop of viruses do more than just try to infect other machines. They also open up a port on the computer and allow a hacker to take control. These so-called “zombie” machines can be, and have been, used to attack other computers on the Internet. Some antivirus experts speculate zombie PCs could be used to blast huge amounts of spam.

Requiring that folks know the basics about computer security before giving them access to the network is akin to making sure a driver knows how to safely operate a car before he or she is allowed to take to the public roadways. On the surface, it makes a lot of sense.

But something needs to be done to ratchet down the mayhem, both by catching and punishing virus writers, and by convincing people not to click with abandon on everything that comes into their inbox—before the criminal and the clueless few ruin the Internet for the responsible many.

Franco O. Mendoza is Systems Administrator of Verizon. E-mail him at franco.mendoza@vzpacifica.com.
