Recommendations for deflecting virus and hacker attacks

26 Aug 2004
Virus News

On 23rd August, a number of dedicated hacker sites published information about an upcoming massive hacker attack on the Internet. This attack is allegedly to be initiated by terrorist groups on 26th August. It seems likely that such an attack would be a DoS attack, possibly combined with a virus attack.

Sadly, the threat of terrorism is a topic on everyone's minds these days. Although an Internet attack by terrorist groups may or may not take place today, such attacks will undoubtedly take place in the future. Kaspersky Lab is now publishing recommendations on what actions users can take to reduce the impact of an Internet attack on home computers and corporate networks.

Home users

Hackers more often than not use home computers to carry out hacker attacks. Users will be unaware that hackers have gained control over their machines. This is done by infecting the victim machine with a virus, or by hacking into an unprotected system. Once hackers have gained control over a victim machine, it can be used either to conduct Internet attacks or to mass mail spam (which often contains viruses). And all of this can be done without the owner noticing anything suspicious.

Users whose computers are permanently connected to the Internet, or who spend a large amount of time on the Internet, should minimize their connection time as far as possible when the possibility of an attack is heightened. Antivirus products must be updated regularly and users are recommended to enable antivirus monitoring, so that the computer is constantly scanned for new malicious programs. It is extremely important to install antivirus database updates promptly. This is because virus attacks may be conducted using new viruses which cannot be detected by old databases. By updating databases regularly, as soon as updates are released, it is possible to completely deflect an attack.

In the case of ADSL connections (when the computer is permanently connected to the Internet), a firewall is an essential piece of security software. Computers which are permanently connected are the machines most likely to fall victim to hacker attacks. A dial-up connection is therefore the more secure option. Users with a high-speed connection should check that their security settings are correctly configured.

Corporate users, governmental organisations, providers

A home computer is simply a tool in the hands of cybercriminals; corporate Internet users are the main target for electronic terrorists. We can assume that a mass Internet attack will be primarily directed at web sites which are of political significance, belonging either to governmental bodies or to commercial organisations.

Antivirus and network protection are the two main ways to secure a corporate information infrastructure. System administrators should ensure that their network has no vulnerable points; if loopholes are found, IT staff should take rapid action. Administrators should also be active in tracking network activity; when an attack threatens, the corporate network should be monitored 24 hours a day. Companies which take the threat of electronic terrorism seriously will understand that user education is also a key factor in establishing secure networks. In this case, IT personnel and IT security specialists should conduct additional sessions for company employees, ensuring that all users understand the basics of information security and how to protect against electronic threats.

All of the above measures will help home and corporate users maintain the integrity of their information. And antivirus protection, regularly updated, remains the cornerstone of computer security. By regularly updating antivirus databases, users are working with the manufacturer of their chosen antivirus product to protect machines against potentially devastating attacks.