Articles on the Danger Posed by Hackers and Y2K Computer Viruses in Companies (English)


Mon, 03 Jan 2000 12:04:38 -0600

Network Associates Recommends Continued Caution as Corporations Return to Work After Quiet Y2K Weekend

Continued Vigilance Necessary Even After Uneventful New Year's Holiday As Potential Viruses May Be Lurking in Email for Returning Employees


SANTA CLARA, Calif., Jan. 3 /PRNewswire/ -- Network Associates, Inc. (Nasdaq: NETA) today reminded companies and consumers of the need for continuing "safe computing" practices as they return to work after the New Year's holiday. Recognizing that the limited virus threat throughout the holiday may result in a feeling of false security, Network Associates reminds IT Managers that the potential for damage from new viruses or security holes still exists. Network Associates' McAfee AVERT (Anti-Virus Emergency Response Team) will remain in high alert posture for the next 72 hours, as the majority of computers worldwide are powered up for the first time this millennium on the morning of January 3.

"We are pleased that the New Year's holiday did not pose any strong threats to our customers, as the potential for Y2K damage was very real," said Sal Viveros, director for McAfee Total Virus Defense at Network Associates. "However, it is essential for corporations to stay on top of virus happenings and be especially alert this week as computers are re-booted, and email between users and the outside world begins to flow freely again."

"Melissa was one of the most destructive viruses of 1999. This virus spread at lightning speed through email attachments. It was discovered on a Friday morning, and had spread world-wide within six hours," said Jimmy Kuo, director of AVERT anti-virus research. "Because these viruses can strike at any time, and the threat continues, this week AVERT will staff the CyberAssurance National Information Center, which is part of the President's Council on the Year 2000 Conversion Information Coordination Center."



From December 30 through the turnover to the new year, McAfee AVERT researchers found seven low-risk viruses, which represents the average amount of virus writing activity AVERT usually experiences during a four-day timeframe. There has been no indication that these seven viruses are actively spreading in customer sites at this time. Nevertheless, AVERT's worldwide research and support team will continue to monitor for the spread of these viruses as well as any new viruses released during the New Year. For details on the seven new viruses as well as continued updated information on newly discovered Y2K viruses, visit the AVERT Web site at: http://vil.nai.com/villib/alpha.asp.



Network Associates is double-click on email attachments -- save and scan them first

3. Keep software updated.

4. Turn on Macro Virus Protection.

5. Be cautious with free downloads.

6. Guard your personal and financial information.

7. Protect your personal computer.

8. Protect your passwords.

9. Teach children online safety tips.

10. Protect online transactions by using a secure browser.

11. Bonus tip: Be careful -- but don't believe everything you hear.



The McAfee Total Virus Defense suite provides comprehensive anti-virus protection at the desktop, file server, groupware server and Internet gateway. Powerful integrated management tools make it easy for administrators to deploy updates and upgrades, and to configure and monitor virus security enterprise-wide. The McAfee Total Virus Defense product line is sold as a standalone suite and as part of the Net Tools Secure suite, Network Associates' comprehensive security suite incorporating anti-virus, firewall, encryption, authentication, intrusion detection, vulnerability assessment, and security management. Network Associates' McAfee AVERT (Anti-Virus Emergency Response Team), a division of NAI Labs, is the largest network of virus researchers in the industry.



During the week of January 3, AVERT will continue to work 24X7 around the globe to provide the latest in virus research and anti-virus solutions.



With headquarters in Santa Clara, Calif., Network Associates, Inc. is a leading supplier of enterprise network security and management software. Network Associates' Net Tools Secure and Net Tools Manager offer best-of-breed, suite-based network security and management solutions. Net Tools Secure and Net Tools Manager suites combine to create the Net Tools solution, which centralizes these point solutions within an easy-to-use, integrated systems management environment. For more information, Network Associates can be reached at 972-308-9960 or on the Internet at http://www.nai.com.

NOTE: Network Associates, McAfee, Total Virus Defense, VirusScan and Net Tools are registered trademarks of Network Associates, Inc. and/or its affiliates in the United States and/or other countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners.



Christopher Michael

Network Associates

Channel Security Products Manager


Computer security teams brace for attacks
By Stephen Shankland
December 20, 1999, 1:30 p.m. PT

Computer security teams are bracing for attacks by two programs that enlist multiple systems to launch coordinated attacks on Web servers.

Concern is mounting that the two programs, called Tribe Flood Network and Trinoo, will show their colors in the near future.

The programs, when installed onto hundreds or thousands of computers, simultaneously bombard a select point on the Internet. If the information from the attackers comes fast enough, the target computer freezes up.

Flooding attacks such as Tribe and Trinoo are examples of so-called denial-of-service attacks, a method that's been around as long as there have been networks to inundate. Launching attacks from several computers also has been tried before, for example with the "Smurf" attacks of last year.

But Tribe and Trinoo give a new level of control to the attacker, and the attack programs are being improved, according to Dave Dittrich, a computer security technician at the University of Washington who wrote analyses of the programs.

Tribe and Trinoo, which started appearing in recent months, "are a step above what has happened before," he said.

Moreover, because the origin of the program is obscured, it's hard to counteract, said Quinn Peyton of the Computer Emergency Response Team (CERT) at Carnegie Mellon University.

Experts fear that the holidays are a likely time for such attacks, because computer administrators on vacation will be harder to locate and likely won't be paying as much attention to systems under their control. In addition, some suggest attackers are likely to strike in the midst of confusion that people expect with the arrival of the Year 2000 computer problem.

"There are machines now sitting there, prepared to attack somebody else," Peyton said. "Now one person can do a massive denial-of-service."

CERT warns that the Trinoo and Tribe attack tools "appear to be undergoing active development, testing and deployment on the Internet."

Tribe Flood Network and Trinoo launch their attacks from a host of innocent computers that already have been broken into. Then, on a signal from a master computer, the computers simultaneously bombard the victim machine with packets of information so fast that it becomes unresponsive. At that point, the target computer won't respond to commands and can't be taken off the network.

The FBI in 1998 set up an office called the National Infrastructure Protection Center (NIPC) to monitor computer attacks and vulnerabilities. Although FBI officials did not comment on the Tribe or Trinoo attacks, the FBI is holding a news conference tomorrow about Y2K issues, a spokesman said.

"There's a lot of paranoia for the Y2K stuff," said David Crawford of the Energy Department's Computer Incident Advisory Capability. CIAC is working hard to prepare a description of how to identify Trinoo and Tribe in the next few days. "We're looking for a unique signature that will identify these types of attack," he said.

Dittrich should know. He had to respond when 27 computers at his university were among 227 that attacked the University of Minnesota during three days in August.

"I was having a hard time finding all the people and getting all the systems cleaned up," he said, and that was just for a small fraction of the systems involved.

"During that time, their network was pretty much unusable for 100,000 users," Dittrich said. "There isn't much of a defense against these denial-of-service attacks."

University of Washington computers also were used for attacks on computers in France, Norway and Australia, he said.

The attack software was installed primarily on computers using Sun Microsystems' Solaris and Linux--both variations of the Unix operating system. To break into those computers, the intruder took advantage of known vulnerabilities that allowed him or her to take almost complete control of a computer then erase his or her tracks, Dittrich said.

"The core message is that people who have systems on the Internet need to know how to deal with them," Dittrich said. "You can't expect your computer to be running for years, like a microwave. It's more like a really expensive car, where you've got to be taking it in for maintenance all the time."

In the attack on the University of Minnesota, 114 of the 227 attacking systems were part of the Internet 2, a higher-speed successor to the current Internet. Using Internet 2 was important, because its higher-speed network can deliver more volleys in the denial-of-service attack.

"Companies step up security against Y2K viruses"

By Darnell Little
Tribune Staff Writer
December 24, 1999

[Photo caption: John Koskinen, chairman of the President's Council of Year 2000 Conversion, stands in the middle of the White House's Y2K crisis center. Koskinen said the administration does not expect any major problems, but will monitor any glitches that might occur. (Associated Press)]

As the epochal Y2K date creeps even closer, many computer security experts are preparing for a flood of viruses and high-tech scams that could potentially be unleashed before the year's end.

Malicious computer activity is expected to rise on New Year's Eve as midnight arrives across U.S. time zones, with the possibility of more turmoil starting on Jan. 2 as overseas workers in earlier time zones return to work for the first time in 2000. Experts believe the arrival of the new millennium might be an opportunity too attractive for virus authors and computer hackers to pass up.

"Why do people write viruses? It's ego, vanity," said Dan Schrader, vice president for new technology at Trend Micro, a Cupertino, Calif.-based anti-virus software developer. "What better time to get your name in lights than when every newspaper is covering the computer industry so intensely?"

Like many other security vendors, Trend Micro is increasing its staffing and support hours for Y2K. The company is offering 24-hour computer support for all its customers through Jan. 15.

"The rash of new virus activity is already happening," Schrader said. "We are getting swamped here. We had four very significant computer virus outbreaks two weeks ago and we've had a number of new ones since then."

Schrader estimates that there has been a 75 to 100 percent increase in the number of new computer viruses that Trend Micro has encountered since the beginning of December. He also said there has been a 100 percent increase in traffic to the company's Web site and in support calls.

"We don't expect the Internet to melt down with new viruses over the next few weeks, but there's definitely a significant increase in activity," Schrader said.

For New Year's Eve, Trend Micro has committed two employees to join the federal government's Information Coordination Center, a computerized "war room" near the White House designed to track global Y2K problems and provide backup communications systems if needed.

Any uncovered major computer or network problems around the world would be reported to the White House and other government officials in order to decide on a course of action. Starting the morning of Dec. 31, when the New Year begins in New Zealand, data from overseas will be provided by the State and Defense departments and various industry groups.

President Clinton's Y2K adviser, John Koskinen, said the administration does not expect any major problems, but the ICC will monitor any Y2K glitches that might occur around New Year's Day.

Bill Pollack, spokesman for the Computer Emergency Response Team at Carnegie Mellon University, has also adopted a wait-and-see attitude regarding the potential flurry of Y2K virus activity.

"There have been reports of increased activity," Pollack said. "We're watching the situation and we're certainly anticipating a lot of media attention during that time, but we won't really know until the day arrives, unfortunately."

Millennium viruses are only one of several possible Y2K computer dilemmas that security experts are preparing for, according to Dan Takata, senior software support engineer for F-Secure, a global anti-virus and network security software company formerly known as Data Fellows.

"I envision three scenarios of what could happen," Takata said. "One scenario is viruses specifically written to go off on Dec. 31 right before the changeover date. The thing is, they can't release it just before the date because a virus needs a chance to spread, so we'll catch it beforehand.

"The second scenario is that hackers will send what are called Y2K patches, and they'll (change) the e-mail address to look like it came from a legitimate company. The e-mail will say, 'Please administer this to all your computers because this is a Y2K patch.' But in fact it might be a virus or a Trojan Horse. We'll see a lot of those.

"Scenario three is called social engineering," Takata said. "The people staffing the IT departments on Dec. 31 at 11 o'clock at night aren't going to be your top-level systems administrators. The senior guys are going to be out partying. It's going to be some junior IT guys manning the major systems that night. Those are the kind of guys that hackers are going to target.

"Someone will call these junior IT guys on the phone and say, 'Look, I'm from the New York office and we just went down over here. I have clients screaming at me, so give me the password to the system because I need to log in.' And the IT guy will say, 'Oh, no. I can't do that.' But when the yelling increases, the IT guy will eventually break down and actually give out the password. That happens all the time, and that's going to happen a lot on Y2K because it's such a perfect opportunity."

Most computer security experts recommend that companies stay extra vigilant in updating virus software frequently well into the new year. Also, the computer and network administrators working New Year's Eve need to be alert to the many possible situations that could arise.

"Obviously there's no way you can protect yourself against every scenario with any kind of application software," Takata said. "The only way you can protect against it is by educating your users and employees."