Stopping computer viruses a 24/7 job
Stars and Stripes May 9, 2004
U.S. military bases throughout the Pacific report fending off tens of thousands of attacks every day — from computer viruses that range from potentially pesky to possibly crippling.
Computer viruses have done no major harm to networks — yet, Pacific officials say. But all installations see viruses as a hazard demanding ’round-the-clock vigilance, which devours staff time.
At the Army’s Camp Red Cloud in Uijongbu, South Korea, viruses block some computers almost daily, said Maj. Jeffrey Bourne of the 2nd Infantry Division’s automation section.
“One to 3 percent of our computers have viruses,” he said. “It is a constant thing to isolate them and fix the problem. … We have lost no data, but there is a loss of productivity, and it is a nuisance.”
Worms and horses
If not quickly checked, viruses can steal information from computer drives and even turn English text to a garble of computer characters, said Sgt. Nicholas Ybarra of Kunsan Air Base’s 8th Communications Squadron. At worst, viruses can bring networks to a virtual standstill.
Computers use binary code — combinations of ones and zeroes — to store information, Ybarra said. “A virus ... will just go in and randomly change the ones and zeroes on an infected system ... it can target just certain system files that the computer needs to run correctly.
“If the computer is infected long enough ... through time it could turn [an] entire file to garble.”
Other viruses, he said, “can take personal information and send it to the hacker.”
Most viruses the military sees these days are “worms” or “Trojan horses,” officials said.
Worms often target big commercial Web sites in an effort to shut them down.
Trojan horses are seemingly normal e-mails that hide a destructive virus. They often destroy information on disks, make systems crash and steal information, said Maj. Kevin Bennett, commander of the 35th Communications Squadron at Misawa Air Base, Japan.
Worms “usually try to copy themselves a lot over a network and usually try to eat up as much bandwidth as possible by sending commands to servers to try to get in,” said Maj. Scott Solomon, commander of the 51st Communications Squadron’s Information Systems Flight at Osan Air Base, South Korea. “The Code Red worm is a good example of this. This worm breaks in a security hole in Microsoft [Internet Information Server]. When the worm successfully gets in, it will try to go into other servers and work stations from there.”
Among newer worm viruses showing up, said experts at Pacific installations, are the mass-mailing worms W32.Netsky.x@mm and W32.Netsky.y@mm. Both can scan for e-mail addresses on all hard drives of an infected computer; the worm then e-mails itself to those addresses, according to Carl M. Ancheta, director of computer systems division at Sasebo Naval Base, Japan.
A single virus can have various characteristics, Solomon said.
“For example,” he said, “a worm can also be a Trojan and also infect the boot sector. It all depends on how the virus is written and what it is designed to do.”
Many viruses share one design factor, however: They try to entice computer users to commit those two mouse clicks essential to opening the attached files containing the viruses.
Recent case in point: the enticing “Christina” e-mail, bearing “osd.mil” in the sender’s address, which peppered Defense Department e-mail in-boxes in South Korea.
It opened with a small color photo of a woman whose left shoulder and back are uncovered, giving the appearance that she’s nude or scantily clad. The accompanying text reads, “I am a honest, kind, loving, with good sense of humor … etc., looking for true love … or maybe for pen friend. I like cats. Attached file tells everything. Kind regards, Christina.”
But the words are bait for a trap that snaps when a recipient clicks on the attachment, unleashing a “Trojan Horse” virus that will scour the computer for addresses or other information to send back to people who may use it to build lists for spamming.
“You double-click on it … and it installs something in the background for them to come in,” said Javier Lopez, Camp Humphreys, South Korea, information assurance manager. “Or it’ll use your computer as a mail bomb, starting with your address book.”
Virus-senders range from rogue companies to hackers seeking cyberspace thrills.
“The motive, most of the time, is just people playing around,” Lopez said. “Mostly pranksters.”
But even their fun can bear a hefty price tag: military staff time.
“Sometimes, it’s just as simple as one person getting that computer off the network,” Ybarra said. “Sometimes, it’s as little as three man-hours, and if it were really serious it could be as many as 50 or 60 man-hours.”
“You have your cost in manpower to clean up the virus mess if it actually gets into your system,” Solomon said.
Prevention lies in personnel such as Senior Airman Michael Sauve at Osan Air Base, South Korea. In the base’s bustling network control center, he keeps watch over activity that’s occurred on Osan’s computers.
The base’s anti-virus software detects and removes most infected messages.
But if the viruses get through, Sauve takes immediate steps to remove them himself, by keyboarding the needed computer commands.
If that doesn’t work, the next step is to disconnect the computer from the network.
Such monitoring duties are part of the daily electronic vigil the U.S. military maintains to guard its vital computer systems.
For the military, Solomon said, countering the problem involves “three pillars” — the right computer hardware with proper software, trained computer staff and savvy individual computer users.
“It’s kind of like insurance,” he said. “You buy insurance hoping that nothing is going to happen. Our insurance is the type of hardware that we buy, the type of software that we buy and the human measures — educating the base populace as to how to handle” virus-related matters.
Two layers of virus protection are used at Misawa Air Base. The first is anti-virus software on the base’s mail servers.
Though the chances of a virus getting through are slim, said base officials, some can breach the first protective layer. If that happens, it’s up to the second protective barrier — the anti-virus software on individual computers — to spot the virus and clean or quarantine the infected files.
Servicemembers and civilians working with the military can be provided a free copy of Norton antivirus software for their home computers, officials said; they may request it through their organizations.
But much also depends on the individual computer user, experts said.
Keeping anti-virus software updated is crucial, especially for servicemembers who do some of their computer work at home, he said.
“We’ll brief them, ‘Don’t bring your files from home,’” Ybarra said. “If you’re not updated at home, you may very well have a virus on an infected disk and then bring that disk in and put that file on the network, and you could introduce the virus that way as well.”
Indeed, servicemembers’ home computers are often the source of infections in the military’s computers.
“Usually that’s how it starts,” Ybarra said. “It’ll be Joe Shmo sending something from his house to his work e-mail. It can be something as simple as sending a funny joke, and it could have a virus attached to it. I’d have to say that home e-mail is usually how it starts.”
— Juliana Gittler, Seth Robson, Jennifer Svan, Greg Tyler and Fred Zimmerman contributed to this report.
Avoid them like the Plague
Here are some tips on avoiding computer virus problems, provided by the 51st Communications Squadron, part of the 51st Fighter Wing at Osan Air Base, South Korea:
• If you don’t know what the file is, don’t open it.
• Only use approved anti-virus software.
• Keep your anti-virus and other software current. Install updates and upgrades right away.
• For added protection, all floppy disks should be scanned before use.
• Back up your data periodically.
• Virus-check all downloaded files, including sound and video files, as well as e-mail attachments.
• To prevent the possibility of rapidly spreading a virus, avoid downloading to a network or shared drive.