The Sysbug-A virus has been set loose and is attacking “the usual suspects” – meaning that Microsoft Corp. Windows users should be on alert, according to one IT security company.
According to security provider WhiteHat Inc., those vulnerable to the virus include anyone using Windows 2000, Windows 98, Windows 95, Windows ME, Windows NT and Windows XP.
Tom Slodichak, chief security officer at Burlington, Ont.-based WhiteHat, said that Windows users are most often picked on by virus writers simply because of the sheer number of them out there.
“If something like 90 to 95 per cent of the world’s desktop users are using Windows software both in the enterprise and at home, you are not going to go after small pockets of unusual operating systems,” he explained.
Slodichak described Sysbug-A as a “classic e-mail virus” which is originating from an account called [email protected].
“It’s always the same subject line – Re: Mary – and the e-mail claims to have a zip file of photos of a tryst and tries to get the user to click on it and open it up,” Slodichak explained. “But it includes an executable that drops a Trojan onto that machine which will enable some unknown party to potentially take full control of that machine at will.”
He added that a user wouldn’t realize that his or her PC had been taken over immediately, but because the virus releases an unauthorized program or Trojan, the virus writer will have full access to the machine as if he was sitting at the infected computer himself.
“The Trojan doesn’t cause any damage to the PC immediately. It doesn’t erase files, it doesn’t cause any misbehaviour that the user can detect but Trojans have been implicated in denial-of-service attacks or distributed denial-of-service attacks such as those on Amazon and eBay a couple of years ago,” Slodichak explained.
There are both proactive and reactive measures that can be taken to fend off viruses, Slodichak said, including deleting suspicious e-mails that come from unrecognized sources or that have subject lines that simply don’t make sense.
Most importantly, however, users need to perform constant virus checks.
“In other words, have an antivirus program installed. Generally speaking they are about $50 per year depending on the subscription and now there are also automatic updates whenever a new [virus] signature is available,” he added.
Linda Stutsman, chief information security officer at Xerox Corp. in Rochester, N.Y., said that although Xerox hasn’t been hit by the Sysbug-A virus, it is ready for it.
“When we first heard about this virus, we immediately [went] out and [did] research on it to see what kind of a payload it has, what kind of attachments it has, what the subject line might say, and we changed our filters on our external relays to block those particular subjects,” Stutsman explained.
Like Slodichak, Xerox’s Stutsman agreed that one of the most important weapons when fighting viruses is keeping antivirus software up-to-date on all servers and clients.
For the past seven-and-a-half years Xerox has had an emergency response team in place to respond to viruses, but so far it has not seen any major business impact because of a virus.
“By major business impact I mean that we’ve stopped business process, that we have shut down the mail system – we have never had to do that. But we always have the plans in place just in case,” Stutsman said.
Slodichak said that although virus writer “villains” are getting more sophisticated in their work, there is currently no new “radical technology to detect or cleanse machines of viruses.”
He added that the “old and reliable technology” that is used today by matching incoming messages with signatures is still the most effective way to fight viruses.
“The industry is looking for means of detecting viruses without having that signature updated to your directory, but nobody’s come up with any sort of viable technology yet. So, that’s the one weak link. You have to have your antivirus and your auto updates up if you want to be assured of antivirus protection.”