Planning for the Y2K bug, for the virtuous among us, has been a long, multiyear process requiring careful preparation. As we approach the eve of the millennium, the fears of major catastrophe within our critical infrastructure and a general breakdown of society have greatly subsided. You won't find a year's supply of anything at my house. However, for some in the security business the fun is just beginning. While debugging date calculation functions within COBOL programs and system clocks is a predictable process, predicting the impact of Y2K-related viruses and hoaxes created by malicious opportunists is very difficult.
The viruses and hoaxes that we may see will have a high degree of social engineering and will depend upon a fair amount of chaos to be successful. We can expect that typical users will have their defenses lowered and may be susceptible to e-mail messages warning that they will lose precious data if they do not apply the attached "fix" before January 1, 2000, or immediately afterward. Have you identified some likely scenarios that can affect your organization, and do you have a strategy for dealing with them?
Some of the activity you may see:
- Viruses masquerading as Y2K fixes, perhaps even for a known problem that has received some publicity.
- Program files that seem innocuous now, but are set to do something malicious when the clock strikes midnight.
- Electronic holiday greetings and other seasonal files that really are disguised Trojan Horse programs.
- Expect antivirus Web sites to be slow or unavailable due to high traffic. Do your best to manage through this situation, but be wary of unofficial "mirror" download locations.
- Beware of old browsers. The certificates in some older browsers are set to expire December 31, 1999, meaning those browsers will be unable to make Secure Sockets Layer (SSL) connections to secure Web sites. Netscape Navigator 4.05 and earlier and Microsoft Internet Explorer for Macintosh 4.01 have this problem, and some other versions may be affected as well. Being employed at a Web-based start-up and having access to large Web server logs, I can safely say that there are a lot of you out there with old browsers.
- Expect Y2K hoaxes. For everything I say could happen, you will see messages claiming it did happen. Like other e-mail hoaxes, at best these will cause a flood of e-mail and unwarranted concern. At worst these hoaxes will attempt to obtain sensitive information and/or financial data.
What to do:
- Heighten awareness and user sensitivity. You likely have been browbeating your users and IT staff already, so a little more won't hurt. Reduced productivity for a few days does not compare to lost data and zero productivity for a much longer period of time. Users should not hesitate to report anomalies and need to be extra sensitive about self-installing applications and controls encountered on the Internet.
- Be open to tactical antivirus solutions from vendor B. While you may have standardized your antivirus solutions for vendor A and don't want to do anything to change that, it may be acceptable to tactically use a temporary solution from vendor B if it is the only solution for a particular virus. If it isn't a matter of installing the temporary fix everywhere, but rather is a solution that you can use from a single machine to sweep several servers, go for it.
- Any help desk call of an unusual nature, such as a problem that has never happened before with a particular application, should be handled quickly and viewed as a possible suspicious event.
- Strongly consider how much you need e-mail in the days immediately before and after the New Year. Some companies are queuing mail only on their servers until January 3 or 4. Others are quarantining every single attachment. The strategy here is to let other companies step on the land mines and clean out their message stores after they have received fixes and updated signature files. While completely shutting down e-mail is too simplistic a solution for many companies, especially those with order@company.com mailboxes, there are ways you can probably prevent most people from using e-mail.
- The same might be said of Internet access. Just as telephone access is restricted during natural disasters for emergencies, Web surfing should be for critical business needs only.
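One way to express the mail holdback and attachment-quarantine policy described above, as an added Python example (not code from the original column): the holdback window, the critical-mailbox list and the executable extension list are all assumptions, and the messages are constructed test data.

```python
"""Mail-gateway holdback policy for the Y2K window (added example, not the column's code)."""
from datetime import datetime, timezone
from email import message_from_string
from email.message import EmailMessage

# Assumed policy window: queue ordinary mail from Dec 31, 1999 until Jan 4, 2000 (UTC).
HOLD_START = datetime(1999, 12, 31, tzinfo=timezone.utc)
HOLD_END = datetime(2000, 1, 4, tzinfo=timezone.utc)
# Hypothetical mailboxes that must keep flowing even during the holdback.
CRITICAL_RECIPIENTS = {"order@company.com"}
# Assumed list of extensions treated as executable content and never delivered.
RISKY_EXTENSIONS = (".exe", ".com", ".bat", ".vbs", ".scr", ".pif")


def build_message(to, body, attachment_name=None):
    """Construct a sample message (constructed test data, not captured traffic)."""
    msg = EmailMessage()
    msg["To"] = to
    msg["Subject"] = "Important Y2K fix"
    msg.set_content(body)
    if attachment_name:
        msg.add_attachment(b"\x00\x01", maintype="application",
                           subtype="octet-stream", filename=attachment_name)
    return msg.as_string()


def attachment_names(msg):
    """Return the filenames of every MIME part that carries one."""
    return [part.get_filename() for part in msg.walk() if part.get_filename()]


def decide(raw_message, now):
    """Return 'quarantine', 'queue' or 'deliver' for a message seen at time `now`."""
    msg = message_from_string(raw_message)
    recipient = msg.get("To", "").strip().lower()
    names = attachment_names(msg)
    # Executable attachments are quarantined regardless of the date.
    if any(n.lower().endswith(RISKY_EXTENSIONS) for n in names):
        return "quarantine"
    if HOLD_START <= now < HOLD_END:
        # Inside the window: quarantine every attachment, queue ordinary mail,
        # and let only the critical mailboxes keep receiving attachment-free mail.
        if names:
            return "quarantine"
        return "deliver" if recipient in CRITICAL_RECIPIENTS else "queue"
    return "deliver"
```
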
Don't expect the problem to be over on January 1. While a computer's central processing unit may operate on strictly binary terms, humans don't. Users are just as susceptible to a Y2K-related social engineering attack after January 1 - perhaps even more so.
But don't worry, let's make it through this millennium and I promise you won't have to go through another one.
RELATED LINKS
Holiday virus threats continue unabated
Network World, 12/13/99.
Viruses to crash New Year's bash
Network World, 12/06/99.
Vendors warn of destructive Y2K virus
Network World, 12/03/99.