Even the healthiest people sometimes get sick. And even the best-protected companies can catch a virus. As with human health, the true test of a network's well-being comes in how quickly it fights off or recovers from an illness.
To keep computer viruses, worms, Trojan Horses, and other nasties that fall under the umbrella title of "malicious code" away, most companies simply deploy anti-virus software.
But what happens if the anti-virus vendor gets sick? Just ask Symantec Corp., of Cupertino, Calif. Earlier this month, the company received a message from hackers threatening to unleash a worm via e-mail. Luckily, employees in the Netherlands perceived the threat quickly. Executives in San Jose then deleted the message and repelled the infection with Symantec's security software, says company spokesperson Richard Saunders.
Willamette Industries Inc. has taken this lesson to heart. The $4 billion integrated forest products company based in Portland, Ore., uses Symantec's integrated Norton AntiVirus product, combined with regular updates, careful inspection of all incoming files, and end user education. This system has made for a more secure environment.
Despite these checks and balances, the company earlier this year caught the Melissa virus. Melissa, a macro virus that made the rounds in March, got into users' systems through a Microsoft Corp. Office document, then replicated itself and sent out copies via e-mail using Microsoft Outlook. Melissa propagated itself up to 50 times with each user it successfully infected. According to a recent survey conducted by ICSA Inc., a Reston, Va., provider of Internet security assurance services, there were 7.6 infections per 1,000 PCs during the week Melissa was released. The chance of encountering Melissa was around 30 per 1,000 PCs per month. Of the almost 5,000 PC users surveyed during or after Melissa, 3,650 reported having been infected.
Melissa managed to infect two servers at Willamette, one at corporate headquarters and one in a branch office in the Southwest, according to Robert Woods, PC systems manager for the company. "A few of our servers were slowed down by the volume of mail, but it was more of an annoyance than anything else," Woods says.
Fortunately, the impact was minimal because IT officials identified the problem, isolated the systems, and got them fixed quickly.
Press and Internet warnings had alerted Willamette to the virus. "We were aware that Melissa was a possibility, so we sent out a notification to all users via e-mail, telling them what to look out for and reminding them of the policies we had in place," says Woods.
Willamette's early warning system kept Melissa in check until a cure was found. As a result, IT officials watched the virus--mostly inert--in the company's systems for about two days, until Symantec issued the "inoculation" that would scrub the virus out. The fix was distributed, and that was that.
Enough to make you sick
"A virus is any type of malicious code that can be used to cause disruption of the information infrastructure," according to a spokesperson for the Defense Intelligence Agency (DIA), which is part of the U.S. Department of Defense. "The disruption can entail attacking the system's integrity, circumventing security capabilities, and causing adverse operation action, or exploiting and taking advantage of the information system."
Viruses are classified by the way they infect systems, says CERT's Pollak. File viruses attack executable files, boot viruses infect boot sectors of hard and floppy disks, and macro viruses are data files written to exploit the macro commands available to Microsoft Word and other applications.
Today, 80% of all viruses are macro viruses, according to Carey Nachenberg, chief researcher for Symantec's Anti-virus Resource Center. "It used to be the floppy disk, but today, a machine can get infected surfing the net, or from executables from Usenet [news] groups."
"It's way beyond the benign stage," adds Michael Erbschloe, vice president of research for Computer Economics Inc., an independent research firm in Carlsbad, Calif. Based on the company's survey of about 2,000 customers using computers, from which it received about 150 responses, Erbschloe figures that companies worldwide lost $7.6 billion in the first half of 1999 because of computer viruses--that's more than five times the losses for all of 1998. "That includes about $1.4 billion to clean up results of the virus," he explains. "And the rest was lost productivity."