ChicagoNetTech Inc

Everyone thinks they know about computer viruses, but what are the real facts?

The First Computer Virus

The first computer virus, Elk Cloner, was written nearly 30 years ago. Elk Cloner was rather benign by comparison with today's virus "standards" because all it was supposed to do was display a short poem when a computer booted up for the 50th time.

Since Elk Cloner's development in 1981, by Rich Skrenta, then a 15-year-old high school student, millions of other viruses, malware, email viruses, Trojans, internet worms, spyware, keystroke loggers, and other unwelcomed intruders have appeared.

Sneakernet

Viruses were originally spread via file sharing.  Using a method commonly referred to as "sneakernet," someone had to copy a file onto a floppy disk, and carry, give, or deliver the disk to someone else.  Once they received the floppy disk, that person had to insert the disk into their computer and read the disk to spread the virus.  Now, with the incredible expansion of the Internet, most viruses spread worldwide in a matter of days.

Common Imperceptions

A common imperception about viruses is that they fill your computer screen with garbage, delete files, and render operating systems unusable. During the early 1990s, the Michelangelo Virus created a world-wide panic. Hollywood movies like “Independence Day” have presented a scenario of virus attacks which were signaled by flashing screens and alarms.

Many people have heard about viruses that fill your computer screen with garbage or delete your files. In the popular imagination, malware still means pranks or sabotage.  The early 1990s saw global panic about the Michelangelo virus.  In 2003, when millions of computers were infected with the SoBig-F virus and were primed to download unknown programs from the web at a set time, anti-virus companies scrambled to persuade internet service providers to shut down servers to avoid a doomsday scenario. SoBig-F virus was perceived to be such a nasty virus that on November 5, 2003, Microsoft announced that they would pay $250,000 for information leading to the arrest of the creator of the Sobig worm

Many people now believe that the threats of the web-publicized viruses of the past are no more. That is far from the truth.  The threats of today are no less real, but they are low profile, well-targeted, and more likely to be about stealing data that can be sold to make the perpetrators cash than about simply creating chaos.

Today's Malware and Viruses

Today, malware is unlikely to delete your hard disk, corrupt your spreadsheet, or display a message.  Cyber-vandalism has given way to more lucrative exploits.  Today’s virus might encrypt all your files and demand a ransom.  A hacker might blackmail a large company by threatening to launch a “denial-of-service” attack, preventing customers from accessing the company's website.

More commonly, though, and to be feared and respected above anything else is that fact that today's viruses generally don’t cause any apparent damage or announce their presence at all. Instead, modern viruses and worms might silently install a keystroke logger. Keystroke loggers wait until the victim visits a banking, or other highly secure, website and then record the user’s account details and password.  The keystroke logger then forwards the user's security and login information back to a hacker via the Internet.  

Identity Theft

The hacker is usually an identity thief who uses the security information gained by accessing financial and other highly secure accounts to plunder bank accounts, create new credit card accounts in the victim's name and run up huge debt and create financial turmoil for the unsuspecting victim.  In most cases, the victim isn't even aware that the computer has been infected and doesn't find out that his or her accounts have been compromised until a month or more later when the bank statements and credit card bills begin arriving in the mail.  Once the virus has done its job, the virus may even delete itself from the infected computer altogether to avoid detection.

Another recent trend is for malware to take over your computer, turning it into a remote-controlled “zombie,” and use it without your knowledge to relay millions of profit-making spam messages or launch other malware attacks on unsuspecting computer users.

Social Networking

And as social networks like Facebook and Twitter have grown in popularity, hackers and cybercriminals are exploiting these systems to find new ways of infecting computer users and stealing identities.

Spear Phishing

Hackers may not even target large numbers of victims any more.  Such high-visibility attacks bring unwanted attention, and anti-virus companies can soon neutralize malware that is widely reported.  In addition, large-scale exploits can bring hackers more stolen data than they can handle.  Because of this, threats are becoming more carefully focused. “Spear phishing” is an example.  

Originally, “phishing” involved sending out mass-mail messages that appeared to come from banks, asking customers to re-register confidential details, which could then be stolen.  Spear phishing, by contrast, confines itself to a small number of people, usually within an organization. Spear phishing e-mail messages appear to come from colleagues, both in trusted departments where you work and from organizations with whom you work on a very regular basis who might be asking for normally confidential information: passwords, account numbers, usernames, bank account numbers, credit card numbers, and other information which is not normally shared. 

The principle of Spear phishing is the same as Phishing, but the attack is more likely to succeed because the victim thinks that the message is either internal, or from another trusted source, and his or her guard is down.

Stealthy, small-scale, well-targeted: for now, Spear phishing seems to be the way security threats are trending.

What About the Future?

Predicting how security threats will develop is almost impossible.  Industry security specialists initially assumed that there would never be more than a few hundred viruses. In fact Microsoft’s former Chairman, Bill Gates, declared that spam would no longer be a problem by 2006.  

It’s not clear where future threats will come from, or how serious they will be.  What is clear however, is that whenever there is an opportunity for financial gain, hackers and criminals will attempt to access and misuse data.

How Can You Protect Yourself?

Fortunately, there are some relatively simple things you can do to protect yourself:

"Be Aware, Don't Share!"  Never share your usernames and passwords with anyone!

Never send confidential information in an e-mail message.  E-Mail is, for the most part, transmitted in plain text across the internet.  E-Mail can, and is, intercepted along the way making anything you put into an e-mail available for lots of unknown people to see.

Password protect every computer you own.  Yes, even your home computer.  Especially important to protect are your SmartPhone, laptop, and tablets.

Use a STRONG password.  Make your passwords as long as you can, with a minimum of 14 characters. Use UPPERCASE, lowercase, numbers, special characters and punctuation in your passwords. For your computers and laptops, use a pass phrase. If work in a bank you might use, "My bAnk1ng t3Rm1nal 1s s3cur3 bec^us3 1 youse a PASSWORD frazE"  

It doesn't have to be that long or complicated, but phrases or sort sentences are legitimate passwords for most computers and networks.  Again, the longer the phrase, and the more varied the letters, numbers, characters and punctuation in the phrase, the harder it is to hack or guess.

Run a good Anti-Virus program.  Whether you run a desktop, laptop, iPhone, Android, or other smart device, make certain you have an UP-TO-DATE anti-virus program and scan your device regularly.

Run a Firewall.  All business networks must, not should, but MUST be running a properly configured firewall to protect their networks and data.

If you get hacked, REPORT IT!  Don't try to be a hero.  Don't try to conceal a hack of your business network to protect your company's reputation, REPORT IT.

Reports of both successful and non-successful hacking attempts should be made to both your local police department and the FBI.  By going on record you will not only get the respect of your business associated and customers, but you will show goodwill by the fact that you are attempting to correct a loophole in your security.  Customers want to know you are being proactive to protect their secured data in your business network.