Having passed through Christmas unscathed by any major virus activity, virus protection software vendors remain watchful for viruses or other attacks against computers that the first few days of 2000 may bring.
Sal Viveros, director of McAfee Total Virus Defense at Network Associates Inc. (NAI), said that the company received a few calls from customers around the Christmas holiday who were infected with the Win32.Kriz worm. If activated, Kriz, a worm whose destructive payload was set to trigger on December 25, could delete a PC's CMOS memory, damage its flash memory, and overwrite all network drive files.
Viveros dubbed the contained Kriz infections "pretty minor" and said that overall, Christmas viruses, particularly greeting-card executables, were not thrust into widespread circulation this season because many people opted to send secure holiday URLs to friends and family instead.
NAI and other security vendors are now turning their attention and manpower toward an event for which planning has gone on for months: year-2000 and related hacking threats.
NAI researchers are proactively searching for outbreaks, monitoring Usenet groups and virus-writer and hacker Web sites to keep on top of the very latest strike that could occur worldwide, Viveros said.
"We're going to be monitoring this in real time. (By the time New Zealand rolls over to 2000) we still have 13 hours to prepare for the West Coast, so we can get updates and upgrades in Europe and the East Coast, and still have time to react to it," Viveros said. "We're going to be following the sun with this."
Some companies have chosen to shut down their systems or Web sites altogether during the year-2000 rollover for protection, or they have changed the settings on their servers to block or turn back e-mail for far longer than they normally might. This would buy time until the server can be checked by a systems or security manager for oddities the following week.
Taking down a server or Web site may work in the short term, but vulnerabilities in the security system will just be exposed once the systems are turned on again, if they have been attacked or breached, said Jimmy Alderson, director of Network Monitoring at the Meta Security Group, in Atlanta.
"The funny thing is, whatever holes they have in their Web site will still be there when they bring it back online," Alderson said. Some United States Air Force bases, as well as alladvantage.com- which pays people to have ads appear on their web browser while online - are examples of groups that have announced they will shut down their Web sites during the coming weekend, Alderson said.
Vincent Weafer, director of Symantec's Anti-Virus Research Centre, said virus submissions to Symantec have gone from 8,000 a month in early 1999 to an average of 23,000 a month in December. He predicted that the majority of hacks or viruses directed toward systems will be discovered starting the week of January 3, when most people go back to work and students return to school.
Because of the massive planning by most anti-virus security vendors to shield themselves, as well as their efforts to have customers upgrade to the latest virus-scanning and protection software, Weafer said he believed that a large threat this weekend was unlikely. ISPs also will be watching out for problems.
Graham Cluley, senior technology consultant at Sophos, an anti-virus software company, in Wakefield, Mass., offered some last-minute tips to help users get ready for the year 2000.
- Stop using the Word DOC format; instead, save documents in pure RTF because the format does not support macro-language viruses but still supports DOC formatting.
- Change your CMOS boot-up sequence so that, if you leave a floppy disk in your machine, you boot from Drive C: rather than from Drive A:. This should stop all boot-sector viruses.
- Do not run or open unsolicited executables, documents, spreadsheets, etc. Virus-scan anything that runs in the company.
- Keep anti-virus software up to date, and monitor your anti-virus vendor's Web site for information and updates on any new viruses that are discovered.