We have experienced several new viruses this week. These viruses spread so rapidly that even small offices with day-old virus definitions have been infected. We’ve been keeping busy helping these customers cope.
There are two new and unique virus threats:
There is a new virus that is using a new trick to evade virus scanners. The Bagle.J worm transmits an infected file within a password protected zip file. It attaches it to an email instructing the recipient to open it. The necessary password is included in the instructions.
At this point virus scanners do not support scanning password protected zip files. So any file that requires a password has not been scanned and may potentially contain a virus.
There is also a new version of MyDoom that will delete Microsoft Office files. If one computer is infected it will start to delete all files on its own hard disk as well as any network shares it finds. This can be devastating to offices that rely on Microsoft documents.
We recommend the following:
1. Make sure all virus definitions are up to date on a daily basis. If you are a large organization (50+) consider updating more frequently.
2. Put email virus scanning in place. If you have a mail server put email scanning on it. If you collect email from an ISP ask about virus scanning services. Net Direct SAVant mail scanning software will work on Linux servers to filter virus emails and can use more than one virus scanner.
4. Be suspicious of any email purporting to have authority (e.g. from a “System administrator”, Microsoft Support, eBay, Postmaster, etc)
5. Consider putting in email filtering software that removes all executable and zip attachments. This will hamper your ability to transfer attachments using email but will prevent a costly infection. Net Direct SAVant mail scanner software can filter attachments by type and it is extensible so support for filtering password protected zip files requires only a little programming.
6. Review your backups and if possible perform a test restore to ensure that data can be backed up. Please feel free to call or email Net Direct for help.
7. Consider extending your backup cycle. Many small offices use a one-week rotation. Consider keeping weekly and monthly backups.
8. If you have an email server consider reconfiguring your firewall to block outgoing email traffic from all workstations. These viruses tend to circumvent your local mail server by sending directly to the Internet.
9. If a computer is infected disconnect it from the network immediately and consider shutting it down. This makes it difficult to update it but it will prevent a virus from deleting any files.
Other things to consider:
Ninety-nine percent of the viruses target computers with Microsoft software. This means that the fewer Microsoft products you use the fewer virus problems you will have.
There are some really good alternatives to Microsoft Software:
Open Office is a free drop-in replacement for Microsoft Office. Since it uses different file extensions than MS Office MyDoom will not delete its files.
Mozilla and Netscape are replacement web browsers that are considered by many to be much more advanced than Internet Explorer. A benefit of switching is a tremendous reduction in those annoying pop-ups.
Consider replacing Windows on your PC with Linux. The Linux desktop has matured to the point that governments around the world are installing Linux, by the thousands, instead of Windows. Net Direct is starting plans to deploy Linux desktops in our customer base.
Free online anti virus scans and spyware* detection:
Trend Micro – Free online virus Scan
from the makes of PC-cillin.
Symantec Security Check
from the makes of Norton Antivirus.
Ad-Aware Standard Edition
THE award winning, free, multicomponent detection and spyware removal utility.
Spybot – Search and Destroy
Can detect and remove spyware of different kinds from your computer.
Written by John Van Ostrand (Net Direct), March 3, 2004