- Email: [email protected]
Worm attempts to call the 911 emergency service
news Virus News
Worm attempts to call the 911 emergency service Symantec AntiVirus Research Center has developed a cure to protect against a new computer worm — BAT. Chode.Worm. The worm deletes files on the 19th of every month and also attempts to dial 911 emergency services on every fifth infection. BAT.Chode.Worm uses DOS batch files (.bat) to create a series of random Internet address from known ISPs. It then attempts to link to any computer connected on one of the IP addresses to find an accessible computer with a shared c:\ drive that is not password protected. If a shared c:\ drive is located, the worm duplicates its files onto the other computer and modifies c:\autoexec.bat by adding an instruction to a batch file to attempt 911 calls using the modem. A vbs script file, called winsock.vbs, is added to the Program Start-Up and it is this file that carries the payload. On the 19th of every month,
the worm deletes files from the following directories: c:\windows; c:\windows\system; c:\windows\command; c:\. To protect against this worm, it is recommended that the new definition set be downloaded from the Symantec Web site. For further information, contact Yunsun Wee, Symantec, on Tel: +1 310 449 7009; E-mail: [email protected]; Web site: www.symantec.com/avcenter/do wnload.html.
Market News
Internet users fear their identities may be stolen A recent survey has indicated that US Internet users can be persuaded, if offered incentives such as lower prices, cash or free products, to provide information that they would generally not offer online. Without any incentive, 27% of respondents are willing to offer information on their annual household income. The figure changes to 42% if incentives are offered. Similarly, 5% will disclose their credit card number without any
ISSN: 1361-3723/00/$20.00 © 2000 Elsevier Science Ltd. All rights reserved. This journal and the individual contributions contained in it are protected under copyright by Elsevier Science Ltd, and the following terms and conditions apply to their use: Photocopying Single photocopies of single articles may be made for personal use as allowed by national copyright laws. Permission of the publisher and payment of a fee is required for all other photocopying, including multiple or systematic copying, copying for advertising or promotional purposes, resale, and all forms of document delivery. Special rates are available for educational institutions that wish to make photocopies for non-profit educational classroom use. Permissions may be sought directly from Elsevier Science Rights & Permissions Department, PO Box 800, Oxford OX5 1DX, UK; phone: (+44) 1865 843830, fax: (+44) 1865 853333, e-mail: [email protected]. You may also contact Rights & Permissions directly through Elsevier’s home page (http://www.elsevier.nl), selecting first ‘Customer Support’, then ‘General Information’, then ‘Permissions Query Form’. In the USA, users may clear permissions and make payments through the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, USA; phone: (978) 7508400, fax: (978) 7504744, and in the UK through the Copyright Licensing Agency Rapid Clearance Service (CLARCS), 90 Tottenham Court Road, London W1P 0LP, UK; phone: (+44) 171 436 5931; fax: (+44) 171 436 3986. Other countries may have a local reprographic rights agency for payments. Derivative Works Subscribers may reproduce tables of contents or prepare lists of articles including abstracts for internal circu-
2
incentive, compared to 17% if an incentive is offered. Fifty-four percent would never give their credit card number online, and 78% of respondents said that they would never disclose their Social Security Number on the Internet. According to participants, top concerns of Internet security are: • having one’s identity stolen using publicly available personal information (78%); • knowing that an individual or organization may develop a comprehensive file of ones’ personal information (74%); • not having control over the sale or brokering of personal information (72%); • believing that online ad networks can track personal movement across the Web (65%). Although 57% of respondents made at least one online purchase within the past six months, their decision to do so was affected by taking into account the following considerations: checking for security logos (44%), shopping on a name brand or well known site (58%), and reviewing privacy statements (64%). For further information, contact InsightExpress at Web site: www.insightexpress.com.
Encryption needed to secure video conferencing Biodata Information Technology has stressed the necessity for companies to secure their video conferencing (VC) set-ups. Many businesses, including lawyers and banks, conduct important meetings using VC. It is easy for eavesdroppers to dial in to a room equipped with VC undetected, and thus gain access to confidential or sensitive information. Security in video conferencing systems is often overlooked because VCs block hackers from connecting to a company’s private network. As a result, these VC systems are not seen as a threat to security. However, owing to operational practices and lack of functionality on older systems, gaining information can be as easy as making a telephone call to the VC number. A Biodata reseller explained, “This problem exists because companies leave their VC systems open to allow for callers to dial in, but if the television monitor is turned off, anyone can dial in without the knowledge of the host. As these VC
lation within their institutions. Permission of the publisher is required for resale or distribution outside the institution. Permission of the publisher is required for all other derivative works, including compilations and translations. Electronic Storage or Usage Permission of the publisher is required to store or use electronically any material contained in this journal, including any article or part of an article. Contact the publisher at the address indicated. Except as outlined above, no part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission of the publisher. Address permissions requests to: Elsevier Science Rights & Permissions Department, at the mail, fax and e-mail addresses noted above. Notice No responsibility is assumed by the Publisher for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions or ideas contained in the material herein. Because of rapid advances in the medical sciences, in particular, independent verification of diagnoses and drug dosages should be made. Although all advertising material is expected to conform to ethical (medical) standards, inclusion in this publication does not constitute a guarantee or endorsement of the quality or value of such product or of the claims made of it by its manufacturer. 02065 Printed by Mayfield Press (Oxford) Ltd
Worm attempts to call the 911 emergency service Symantec AntiVirus Research Center has developed a cure to protect against a new computer worm — BAT. Chode.Worm. The worm deletes files on the 19th of every month and also attempts to dial 911 emergency services on every fifth infection. BAT.Chode.Worm uses DOS batch files (.bat) to create a series of random Internet address from known ISPs. It then attempts to link to any computer connected on one of the IP addresses to find an accessible computer with a shared c:\ drive that is not password protected. If a shared c:\ drive is located, the worm duplicates its files onto the other computer and modifies c:\autoexec.bat by adding an instruction to a batch file to attempt 911 calls using the modem. A vbs script file, called winsock.vbs, is added to the Program Start-Up and it is this file that carries the payload. On the 19th of every month,
the worm deletes files from the following directories: c:\windows; c:\windows\system; c:\windows\command; c:\. To protect against this worm, it is recommended that the new definition set be downloaded from the Symantec Web site. For further information, contact Yunsun Wee, Symantec, on Tel: +1 310 449 7009; E-mail: [email protected]; Web site: www.symantec.com/avcenter/do wnload.html.
Market News
Internet users fear their identities may be stolen A recent survey has indicated that US Internet users can be persuaded, if offered incentives such as lower prices, cash or free products, to provide information that they would generally not offer online. Without any incentive, 27% of respondents are willing to offer information on their annual household income. The figure changes to 42% if incentives are offered. Similarly, 5% will disclose their credit card number without any
ISSN: 1361-3723/00/$20.00 © 2000 Elsevier Science Ltd. All rights reserved. This journal and the individual contributions contained in it are protected under copyright by Elsevier Science Ltd, and the following terms and conditions apply to their use: Photocopying Single photocopies of single articles may be made for personal use as allowed by national copyright laws. Permission of the publisher and payment of a fee is required for all other photocopying, including multiple or systematic copying, copying for advertising or promotional purposes, resale, and all forms of document delivery. Special rates are available for educational institutions that wish to make photocopies for non-profit educational classroom use. Permissions may be sought directly from Elsevier Science Rights & Permissions Department, PO Box 800, Oxford OX5 1DX, UK; phone: (+44) 1865 843830, fax: (+44) 1865 853333, e-mail: [email protected]. You may also contact Rights & Permissions directly through Elsevier’s home page (http://www.elsevier.nl), selecting first ‘Customer Support’, then ‘General Information’, then ‘Permissions Query Form’. In the USA, users may clear permissions and make payments through the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, USA; phone: (978) 7508400, fax: (978) 7504744, and in the UK through the Copyright Licensing Agency Rapid Clearance Service (CLARCS), 90 Tottenham Court Road, London W1P 0LP, UK; phone: (+44) 171 436 5931; fax: (+44) 171 436 3986. Other countries may have a local reprographic rights agency for payments. Derivative Works Subscribers may reproduce tables of contents or prepare lists of articles including abstracts for internal circu-
2
incentive, compared to 17% if an incentive is offered. Fifty-four percent would never give their credit card number online, and 78% of respondents said that they would never disclose their Social Security Number on the Internet. According to participants, top concerns of Internet security are: • having one’s identity stolen using publicly available personal information (78%); • knowing that an individual or organization may develop a comprehensive file of ones’ personal information (74%); • not having control over the sale or brokering of personal information (72%); • believing that online ad networks can track personal movement across the Web (65%). Although 57% of respondents made at least one online purchase within the past six months, their decision to do so was affected by taking into account the following considerations: checking for security logos (44%), shopping on a name brand or well known site (58%), and reviewing privacy statements (64%). For further information, contact InsightExpress at Web site: www.insightexpress.com.
Encryption needed to secure video conferencing Biodata Information Technology has stressed the necessity for companies to secure their video conferencing (VC) set-ups. Many businesses, including lawyers and banks, conduct important meetings using VC. It is easy for eavesdroppers to dial in to a room equipped with VC undetected, and thus gain access to confidential or sensitive information. Security in video conferencing systems is often overlooked because VCs block hackers from connecting to a company’s private network. As a result, these VC systems are not seen as a threat to security. However, owing to operational practices and lack of functionality on older systems, gaining information can be as easy as making a telephone call to the VC number. A Biodata reseller explained, “This problem exists because companies leave their VC systems open to allow for callers to dial in, but if the television monitor is turned off, anyone can dial in without the knowledge of the host. As these VC
lation within their institutions. Permission of the publisher is required for resale or distribution outside the institution. Permission of the publisher is required for all other derivative works, including compilations and translations. Electronic Storage or Usage Permission of the publisher is required to store or use electronically any material contained in this journal, including any article or part of an article. Contact the publisher at the address indicated. Except as outlined above, no part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission of the publisher. Address permissions requests to: Elsevier Science Rights & Permissions Department, at the mail, fax and e-mail addresses noted above. Notice No responsibility is assumed by the Publisher for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions or ideas contained in the material herein. Because of rapid advances in the medical sciences, in particular, independent verification of diagnoses and drug dosages should be made. Although all advertising material is expected to conform to ethical (medical) standards, inclusion in this publication does not constitute a guarantee or endorsement of the quality or value of such product or of the claims made of it by its manufacturer. 02065 Printed by Mayfield Press (Oxford) Ltd