CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [56]
Present Virus Activity
New viruses and threats are released on a regular basis to join the cadre of those already in existence. From an exam perspective, you need only be familiar with the world as it existed at the time the questions were written. From an administration standpoint, however, you need to know what is happening today.
To find this information, visit the CERT/CC Current Activity web page at http: //www.us-cert.gov/current/current_activity.html. Here you’ll find a detailed description of the most current viruses as well as links to pages on older threats.
Identifying Hoaxes
Network users have plenty of real viruses to worry about. Yet some people find it entertaining to issue phony threats to keep people on their toes. Some of the more popular hoaxes that have been passed around are the Good Time and the Irina viruses. Millions of users received e-mails about these two viruses, and the symptoms sounded awful.
Both of these viruses claimed to do things that are impossible to accomplish with a virus. When you receive a virus warning, you can verify its authenticity by looking on the website of the antivirus software you use, or you can go to several public systems. One of the more helpful sites to visit to get the status of the latest viruses is the CERT organization (www.cert.org). CERT monitors and tracks viruses and provides regular reports on this site.
When you receive an e-mail you suspect is a hoax, check the CERT site before forwarding the message to anyone else. The creator of the hoax wants to create widespread panic, and if you blindly forward the message to coworkers and acquaintances, you’re helping the creator accomplish their task. For example, any e-mail that says “forward to all your friends” is a candidate for hoax research. Disregarding the hoax allows it to die a quick death and keeps users focused on productive tasks.
Symantec and other vendors maintain pages devoted to bogus hoaxes (www.symantec.com/business/security_response/threatexplorer/risks/hoaxes.jsp). You can always check there to verify whether an e-mail you’ve received is indeed a hoax.
While spam is not truly a virus or a hoax, it is one of the most annoying things an administrator can contend with. Spam is defined as any unwanted, unsolicited e-mail, and not only can the sheer volume of it be irritating, it can often open the door to larger problems. Some of the sites advertised in spam may be infected with viruses, worms, and other unwanted programs. If users begin to respond to spam by visiting those sites, then your problems will only multiply.
There are numerous anti-spam programs available and they can be run by users as well as administrators. One of the biggest problems with many of these applications is false-positives: they will occasionally flag legitimate e-mail as spam and stop it from being delivered.
Just as you can, and must, install good antivirus software programs, you should also consider similar measures for spam. Filtering the messages out and preventing them from ever entering the network is the most effective method of dealing with the problem. Recently, the word spam has found its way into other forms of unwanted messaging beyond email, giving birth to the acronyms SPIM (spam over Instant Messaging) and SPIT (spam over Internet Telephony).
Trojan Horses
Trojan horses are programs that enter a system or network under the guise of another program. A Trojan horse may be included as an attachment or as part of an installation program. The Trojan horse could create a back door or replace a valid program during installation. It would then accomplish its mission under the guise of another program. Trojan horses can be used to compromise the security of your system, and they can exist on a system for years