NO "LOVE" LOST WITH CEQURUX

Locally developed firewall stops I LOVE YOU bug in its tracks

Cape Town - It's made headlines for getting past some of the toughest firewalls in the business and causing millions of rands in damage overnight, but the "I Love You" virus has met its match. Internet security company CEQURUX says its CEQURUX Firewall v4.1 was designed to stop e-mail viruses like the I Love You bug, and that this latest mutation is no different to those before it.

CEQURUX technical director, Chris Old says: "The virus, in this case a malicious script sent as an e-mail attachment, can only be activated if the e-mail recipient opens the attachment. At this point however, it is important to note that some browsers automatically execute such scripts for you, so unless users have changed the default settings, they will become a victim - albeit unwittingly."

"Although users need to be educated about opening unsolicited e-mail attachments as a matter of corporate policy, it makes sense that the firewall removes most of the risk in the first place by blocking the message before the user has a chance to read it."

Opening the offending e-mail, sent with the words "I-Love-You" as the subject, reveals a message urging the reader to activate a seemingly innocuous attachment in the guise of an anonymous love letter.

However intriguing, doing so activates the script that sends the e-mail with the virus to all the names stored in the user's e-mail address book. It is also capable of finding and deleting files on the user's computer, deleting files on the user's network and e-mailing sensitive information - such as passwords - to the virus's author, believed to be somewhere in the Philippines.

"Remember that a virus can only be sent by e-mail as an attachment; in other words, if an e-mail message doesn't carry an attachment, it can't carry a virus," says Old. "The virus, stored in or as the attachment, will only infect the computer if the attachment is opened by the user."

"The best way of preventing this type of e-mail virus attack is by ensuring the firewall scans for e-mails that carry attachments, then verifies the integrity of these e-mails before passing them on.

The CEQURUX Firewall stops this type of virus in two ways. The firewall administrator can instruct the firewall to bar all messages with a particular subject line, or can make use of the integrated virus scanner from Sophos which is able to delete, disinfect, or alert the recipient to the danger of the attachment. As soon as Sophos has a fix for the virus, the firewall will automatically ftp the fixes. Our test firewall received a fix for the "Love Bug" at 10:19 GMT yesterday, 4th May.

Scanning for potentially dangerous e-mails in this way is different to scanning for viruses with a dedicated virus scanner.

"Dedicated virus scanners often only scan disk drives at an end-user level, once a day or when requested to do so, or they can only identify infected e-mail attachments if they know the signature or "definition" of the specific virus it contains," adds Old. "By the time anti-virus companies are able to send the definition for a new virus to its users, the damage has already been done."

"It vital that companies have the tools in place to take action as quickly as possible without suffering extensive damage. Firewall 4.1 will continue to protect its users from I Love You-type threats, but also make sure all known viruses are scanned for and intercepted without any user intervention," concludes Old.