Over the past week, a series of viruses most recently one known as Sobig-F have infected e-mail systems worldwide, resulting in millions of unwanted messages. To help small businesses thwart future outbreaks of looming virus variants, SmallBusinessComputing gathered advice from several industry experts.
Joe Hartman, Trend Micro director of anti-virus research for North America, said there isn't a whole lot of difference between small businesses and large corporations when it comes to protecting their assets from worms, viruses and spam.
"Small businesses don't look very different from large corporations," Hartman said they all need protection at the gateway level and a firewall, as well as software updates at the desktop."
Unfortunately, smaller businesses usually don't spend as much time or money on IT security. Large corporations typically have dedicated staff specifically tasked with protecting their networks, but smaller businesses usually only have one system administrator, if that, responsible for all aspects of networking and business communications. Consequently, smaller businesses can't respond to threats as quickly as large corporations, so worms and viruses tend to create more mayhem with smaller networking systems.
Annie Chen, Trend Micro small business and consumer product manager, said the company's goal is to develop products that are easy for small business and home office users to install and implement putting small business networks on level ground with large corporations.
"We consider small businesses as those that connect 50 users or less," Chen explained. "Medium-sized businesses connect 50 to 250 users, and large businesses connect more than 250 users. It's important that our products help all businesses be able to get help on the spot and isolate infected PCs when a worm or virus strikes."
Hartman said network administrators need to make sure that their systems are up to date with the latest patches when a new worm or virus strikes.
"The most important thing is to make sure patches are updated to prevent viruses from infecting PCs in the first place," Hartman said. "Also, make sure there's a desktop application available to run automatic removal programs on infected PCs."
Toward this end, Trend Micro provides a free desktop scanner service over the Internet. The application automatically removes viruses from infected PCs. As of last week Wednesday, Trend Micro's scanners had detected and removed 150,000 Sobig-F virus-infected files. The virus spread at a record pace. According to Hartman, the good news is that the faster a virus spreads, the sooner it disappears.
"Typically, the faster a virus comes on, the faster it disappears," Hartman said. The media helps because people know about major outbreaks faster and users can get protection faster."
Live Fast, Die Young
Sobig-F seems to have lived a short, but destructive, life. The virus, which was creating chaos throughout IT departments most of last week, seems to have petered out over the weekend. Experts say that this particular strain of strain of virus was the fastest spreading seen to date.
America Online saw e-mail traffic nearly quadruple last Wednesday, according to AOL spokesman Nicholas Graham. AOL scans e-mail attachments at the gateway, checking for viruses. On an average day, Graham said AOL scans approximately 11 million attachments. On Wednesday, the staff scanned 40.5 million e-mail attachments and found 23.7 million were infected with viruses. Of those, 23.2 million were infected with Sobig-F.
To help put the threat from Sobig-F in perspective, Symantec Security recorded 4,516 submissions per day of the Klez.H virus at its peak in April. At the outbreak of the BugBea.B worm in June, Symantec reported 4,812 submissions per day. When BadTRans appeared in December 2001, Symantec received 3,709 submissions per day at its peak, which evaporated into the ether seven days after it was discovered.
"While Blaster and Welchia primarily impacted large enterprises, Sobig.F is predominately affecting consumers and small businesses," said Vincent Weafer, senior director, Symantec Security Response. "Computer users should be reminded of computer security best practices and should not open attachments unless they are expecting them."
More Worms in the Works?
Security experts agree that the Sobig-F assault seems to have peaked Wednesday afternoon, when the worm accounted for at least 70 percent of all e-mail flowing around the world. But new variations of the fast-spreading worm are said to be in the works.
Sobig-F is designed to die out on Sep. 10. That's leading many analysts to suspect that the next variant will hit on Sep. 11 or soon after. And if the looming variant builds on the malicious success of Sobig-F, the damage done could be far worse than what most PC users experienced last week.
Anti-virus software maker Central Command cautions PC users that when particular conditions are met, the Sobig-F worm will attempt to download additional components of the attackers choice. The pre-configured conditions include performing tests to determine if the current day is Friday or Sunday between the hours of 19:00 (7PM) and 22:00 (10PM) UTC time. When these conditions are met, the worm might attempt to retrieve further instructions that may include downloading and executing a backdoor hacker program. Backdoors can allow someone will malicious intent to gain full control of the infected computer.
"The virus author(s) of Sobig-F have developed a predictable pattern of releasing new variants soon after the current version de-activates itself," said Steven Sundermeier, Central Command vice-president of products and services. "If the past repeats itself we could be looking at a newly constructed creation shortly after September 10th. A potential risk is that the massive army created by the Sobig-F worm could be used to launch an all out attack on large Internet infrastructures, for example, by means of a Distributed Denial of Service attack (DdoS)."
In the Meantime
While the security experts continue to monitor all the potential uses for creating such a large arsenal of controlled systems, they highly recommend developing safe computing practices when handling e-mail attachments to prevent future widespread infections.
Chris Neal, Sage research director, said the most effective way to stop malicious viruses is to spread user knowledge as fast as the worm.
"An IT manager can put a great security policy on paper, but if there's no enforcement of the policy the next virus will slip through the cracks," Neal said. "IT managers want software makers to develop technologies that take users out of the process providing a centrally controlled IT system that allows for fixes to be pushed to end users."
But no such system exists at this time. Trend Micro's Hartman warns, "viruses like Sobig-F are not going to go away. Hackers will continue to look for security holes in software to launch new exploits and software makers will continue to patch the holes." Chen added that it's just like the flu season. "We offer flu shots, but some people still get the flu," she said.
For now, the most effective way to stop malicious worms and viruses is to spread user knowledge as fast as the worm. The most up-to-date anti-virus protection is worthless if one user opens up an infected e-mail packet.
Trend Micro offers a safe computing guide that can help businesses of all shapes and sizes educate users about protecting their PCs from worms and viruses. Small businesses might not have the IT staffing to set up world-class security systems, but they can commit to educating employees about e-mail threats.
The steps to protect small business PCs are simple and available online as long as you make certain to download or purchase software from trusted, reputable sources. Install anti-virus programs on PCs and keep them up to date. Get the latest patches and updates for your operating system and servers and use them. Teach employees to never automatically open e-mail attachments, and make backups of important files.
End user knowledge, in tandem with keeping patches current and desktop anti-virus programs up to date, offers everyone home offices, small business and large corporations alike the best of line of defense available against viral outbreaks like Sobig-F.
|Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!|