Better to be safe than sorry on virus threats

Despite the occasional false alarm, it's still better to be safe than sorry when it comes to responding to virus threats.

That's the advice users and analysts have in the wake of reports last week that the so-called Serbian Badman virus wasn't nearly as deadly as had first been feared.

The Serbian Badman scare was triggered June 8 by Network Securities (Netsec), a relatively little-known Virginia-based security firm.

The company claimed that the Trojan horse, disguised as a video clip, could be used by crackers to launch distributed denial-of-service attacks similar to the ones that crippled several major websites earlier this year.

Trojan programs basically allow crackers to remotely control infected systems.

Netsec -- which rushed to the FBI with news of its discovery -- claimed that it had unearthed at least 2000 servers worldwide that had already been infected by the Serbian Badman.

The scare ended almost as quickly as it began, though, with security experts dismissing the virus as a mostly harmless version of a much older and well-known Trojan horse. Popular security sites such as the FBI's National Infrastructure Protection Centre (NIPC) and Carnegie Mellon University's Computer Emergency Response Team (CERT) didn't even issue their usual alerts relating to new virus information.

The incident illustrates how the publicity surrounding recent virus attacks sometimes causes a false alarm. But administrators still need to treat reports of every threat seriously, users and analysts said.

"There is no silver bullet associated with this," said Harry DeMaio, president of Deloitte & Touche Security Services LLC in Illinois.

"Firewalls, protective structures and intrusion-detection technologies all help but don't absolutely guarantee that a specific attack will not take place," DeMaio said.

So the only option for users is to make sure they aren't compromised each time a new virus warning comes out, he said.

Despite such incidents, users need to take every threat seriously, said Josh Turiel, a network services manager at Holyoke Mutual Insurance in Massachusetts.

"There are some real honest-to-goodness threats out there," Turiel said. "So if anything, all this hype (surrounding recent virus attacks) is at least making us feel a little more paranoid about our security."

Such incidents also highlight the need for companies to always have quick access to reliable security information, said Ron Freedman, a vice president of information assurance at USinternetworking, an outsourcer of business applications in Maryland.

Until recently, the company had two full-time staffers to monitor security bulletins and keep track of breaking virus news. Three months ago, the company decided to outsource the task to a newly formed unit of Ernst & Young called eSecurityOnline.com.

"The number of vulnerabilities that were being identified each day was getting to be overwhelming," Freedman said. "We were spending a lot of time trying to sort out which of those pertained to our environment, what its likely impact was, what the recommended fix was and where we had to go to get it."
