
Practicing Safe Computing in the Age of "TTCD" - Michele Petry

Practicing Safe Computing in the Age of "TTCD" - Trojan Transmitted Computer Diseases

Another day, another alert. And while the threat from the latest alert appears to now be under control (the Russian hacker site delivering the malicious code has been shut down), you must understand its severity as it may have been attempting to gain users' password information, threatening your Internet banking users, and it may have implications for the future.

Virus writers, phishers, hackers and other computer infidels have infiltrated the Virtual Garden of Eden once again, leaving poor Adam and Eve exposed and vulnerable as they hunger after the fruit of the Internet.

How can you (and your customers) be safe from their threats?
The choices are bleak. According to Microsoft, whose software continues to be plagued with security holes, the answer is for all of us to hunker-down, tighten the hatches and start practicing some safe-computing.

The latest nasty trojan (JS.Scob.Trojan), discovered June 24, 2004, affects Microsoft's Internet Information Server (IIS). The risks, however, are not restricted to the web servers themselves. End-users who unknowingly click on a web page delivered by one of these infected servers can quickly become infected as well. The trojan works by appending infected JavaScript code to the bottom of web pages served by the infected IIS Web server. When an end-user unknowingly clicks on the web page, the malicious JavaScript code is executed, which in turn can affect the end-user's system. Some experts are saying that those who visit infected Web sites can find their computers implanted with software that could be used to steal passwords through an invisibly loaded keystroke logger or route spam through the computer.
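Because the trojan appends script to the bottom of pages as they are served, a web administrator can compare what the server actually delivers against a known-good copy of the page. The following check is an added example, not part of the original article; the function names and the sample pages are constructed for illustration.

```python
import re

# Closing </html> tag and opening <script> tag, matched case-insensitively.
_HTML_CLOSE = re.compile(r"</html\s*>", re.IGNORECASE)
_SCRIPT_OPEN = re.compile(r"<script\b", re.IGNORECASE)

# Constructed sample pages (no real payload): a known-good copy and a
# served response with a script block appended after the document end.
BASELINE = "<html><body><h1>Rates</h1></body></html>\n"
TAMPERED = BASELINE + "<script>/* constructed placeholder */</script>\n"


def appended_suffix(baseline: str, served: str) -> str:
    """Return text the server added after the known-good page, or ''."""
    base = baseline.rstrip()
    if served.startswith(base):
        return served[len(base):].strip()
    return ""


def trailing_after_html(served: str) -> str:
    """Return content that follows the final </html> tag, or ''."""
    matches = list(_HTML_CLOSE.finditer(served))
    if not matches:
        return ""
    return served[matches[-1].end():].strip()


def check_page(baseline: str, served: str) -> list:
    """Compare a served response body with its known-good copy."""
    findings = []
    suffix = appended_suffix(baseline, served)
    if suffix:
        findings.append(f"served body extends known-good copy by {len(suffix)} characters")
    if _SCRIPT_OPEN.search(trailing_after_html(served)):
        findings.append("script element after closing </html>")
    if not suffix and served.strip() != baseline.strip():
        findings.append("served body differs from known-good copy")
    return findings


if __name__ == "__main__":
    for name, body in (("clean", BASELINE), ("tampered", TAMPERED)):
        print(name, check_page(BASELINE, body) or "no findings")
```

In practice the served body would be fetched from the live site and the baseline read from the deployment source, so that content added at serving time shows up as a difference.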

The fix, according to Microsoft, is to tighten your email and Internet Browser security settings.

The problem, of course, with this solution is that it makes using the Internet more difficult, since a great many sites, including BankersOnline and perhaps even your own bank's website, use legitimate JavaScript to serve up some important Web features. The work-around, according to Microsoft, is to exempt the legitimate sites by naming those sites as exempt from the increased security.

Couple the impact of this latest trojan with the continuing threat posed by "phishers" who use deceptive-looking emails to potentially trick unknowing customers into disclosing sensitive customer information, and the risks to your institution compound.

What does this mean for your Institution?
Vigilance and communication are key. Network administrators must continue to walk a risk-management tight-rope between tightening the firewalls and restricting user access and allowing key business-related Internet activities to occur.

Procedures need to be put into place to allow rapid communication between IT and employees informing them of potential threats from Web-related activity. Likewise, customer communications also need to be considered. Simple steps to consider include:

  • For the users within your institution, if you tighten up security and disable JavaScript except for trusted sites, you will need to compile and "exempt" a list of trusted sites that your users visit.
  • If your institution's Web site utilizes JavaScript, you will need to examine how essential it is to delivering your information, and you may wish to either discontinue using it, or educate your customers about the method for exempting your site from the security restrictions.
  • Provide a link on your web site for posting Security Alerts for your customers. Explain the dangers of "Phishing" and warn customers to safeguard their information.
  • Inform your customers of your policy of contacting them via email. If you will never request account information via email, then be sure your customer is told that they should suspect any email requesting them to disclose confidential information.

In this age of "TTCD" - Trojan Transmitted Computer Diseases, both employees and customers need to practice safe-computing. You can help them get started by keeping them informed.

First published on 06/28/04
