Experts: Watch for rise in online attacks

School technology directors and network administrators should make sure their anti-virus software is up to date and should take whatever additional steps are necessary to protect their computers before staff and students log on after the holidays, computer security experts warn.

Hackers, spammers, and spies go into overdrive in December and January, when unsuspecting neophytes unwrap new computers, connect to the internet, and, too often, get hit with viruses, spyware, and other nefarious programs, they say.

Although few researchers produce holiday-specific security data, experts at IBM Corp., Dell Inc., Hewlett-Packard Co. (HP), software companies, internet service providers, and computer security firms agree that the holidays are prime time for hackers.

Do you know
your hacker lingo?

Few educators and consumers know hacker lingo, and even if they did, the most vigilant expert can’t make a computer 100-percent safe against attacks. But technology executives say they are undertaking unprecedented educational campaigns to teach consumers about emerging cyber threats. Here are some entries from Big Blue’s "Version 1.0 Online Security Dictionary," an employee reference guide that is currently published only on IBM’s internal web site….

  • "People want to get on the ‘net right away, just like they want to put together and start using any Christmas present," said Tony Redmond, chief technology officer of Palo Alto, Calif.-based computer giant HP, whose new PCs ship with 60 days of virus and adware protection. "They should be warned that the ‘net is a very, very dangerous place."

    David Loomstein, group manager for Symantec Security Response, said administrators should make it a point to cull security web sites and other notices for a list of the latest online threats. The key, he said, is to be as vigilant as possible.

    One way to do that is to make sure system virus protections are up to date before allowing teachers and students to boot up in the New Year, he said.

    But virus protections can only do so much.

    "A lot of this really is about human factors," added Loomstein, who said the number of first-time technology users always increases during the gift-giving season. It’s a reality that provides hackers and other online miscreants with a swath of new and unsuspecting targets, he said.


    Given the situation, Loomstein said, the best way to protect any network is to reissue guidelines for responsible use. Precautions should include never opening unknown attachments and staying away from generic messages–even if those messages appear to come from someone you know and respect. If you’re not sure, place a call or send a separate message to the apparent sender, just to confirm. When it comes right down to it, Loomstein said, safety starts with precaution.

    School leaders also would be wise to share this advice with parents, community members, and other stakeholders, experts say.

    Technology executives describe the relationship between hackers and security programmers as an arms race, as both sides keep ratcheting up their fire power. But lack of consumer awareness–if not downright naivete–allows the war to escalate.

    According to a recent survey by the National Cyber Security Alliance, of the 185 million Americans with home computers, one in three say they’ll never get hit by viruses or other cyber attacks. In a Consumer Reports study, 36 percent of U.S. home computers showed signs of being infected with spyware, and only 41 percent of surveyed households said they actively try to prevent it.

    American businesses generally are savvy about firewalls, spam filters, multiple passwords, and other network protections, said Stuart McIrvine, director of corporate security strategy at IBM. But problems at the consumer level–from spyware to security risks in coffee shop wireless networks–are so severe that every hardware and software vendor should be worried about a backlash.

    Seasonal attacks start around Thanksgiving, when online shopping begins an annual spike and marketers pummel consumers with junk eMail–from the perfect stocking stuffer for a balding spouse to a limited-offer holiday cruise.

    With the rise in eCommerce, identity thieves try even harder to obtain credit card and other financial data from wireless and home networks. They set up dummy web sites that seem to be hosted by major financial institutions in hopes that gullible consumers will provide their account information.

    Virus writers hide viruses and worms in holiday-themed eMails, seasonal greetings cards, and screensavers.


    "W32/Zafi-D," a mass mailing and peer-to-peer worm, harvests addresses from Windows address books and other files. Infected eMails’ subject lines begin, "Merry Christmas!" and the text reads, "Happy Hollydays."

    The most vulnerable computers are the ones that have sat under Christmas trees for days or weeks. If a consumer buys equipment that arrives on Dec. 15, and it sits in the living room until Dec. 25, it could be hit by hundreds of viruses written in the 10-day interim.

    Tony Ross, analyst at British security firm Sophos Plc., advised consumers to get a CD-ROM with the newest updates from their electronics vendor, next-door neighbor, or the computer at their office before connecting to the internet. They should prohibit children–who tend to be liberal in distributing their personal data–from using the machine until it’s patched.

    Consumers should vigilantly buy and update security software, which can add hundreds of dollars over the course of a computer’s lifetime. Popular anti-spyware and anti-adware programs include Webroot Software Inc.’s Spy Sweeper ($29.95 for a one-year subscription), Lavasoft’s Ad-Aware SE Professional ($39.95), Tenebril Inc.’s SpyCatcher ($29.95), the free Spybot Search & Destroy program, and Computer Associates Inc.’s eTrust PestPatrol ($39.95).

    Related story: Know your hacker lingo


    Hewlett-Packard Co.

    Symantec Inc.

    National Cyber Security Alliance

    IBM Corp.

    Sophos Plc.

    Webroot Software


    Tenebril Inc.

    Spybot Search & Destroy

    Computer Associates


    Want to share a great resource? Let us know at