
HIPAA/SECURE: Security Q/A
May 2002


"Klez and Other Viruses: How Can They Be Prevented?"

by Eric Maiwald, CISSP, Chief Technology Officer, Fortrex Technologies, Inc.

QUESTION: My site has been infected with the latest Klez virus. We can't seem to do anything to prevent these things and we spend a lot of time working to fix systems after they have shown up. Do you have any hints to help us out?

ANSWER: While this question is not specifically HIPAA-related, viruses (as well as worm and Trojan horse programs) continue to cause problems for many IT departments so it is a good question.

The current virus (Klez.H) is the latest in a long line of email viruses. This particular virus has several features that make some of the standard defenses less useful. Many shops have begun educating the organization’s employees about the dangers of email attachments, especially when they come from people who are unknown. At the same time, many viruses use consistent subject lines and file names, so it is easy to get the word out to employees about them.

Klez.H has a feature that randomly changes the name of the attached file as well as the subject line and the content of the message. Thus many of the standard warnings that are sent to employees are not effective (there is no single subject line or file name that can be given to employees or stopped at the organization’s firewall).

So what can we do to prevent the spread of these types of viruses? There are several things that can be done:

  • Educate your users - Explain the issues to your employees. Make them aware of the damage that can be done by any attachment that can be executed (usually file extensions such as .exe, .com, .bat, .vbs, etc.). Tell your employees not to open attachments with these extensions and to only open other attachments that they are expecting.

  • Load anti-virus software on each desktop - Make sure that the latest set of signatures is loaded on each desktop, and set the software to check on file open as well as periodically. Many of the new versions of anti-virus software have centralized management that allows signature files to be pushed out. Do this regularly (weekly at least).

  • Use anti-virus software to check inbound email - There are several products available that will check all email for viruses and other nasty programs. Use this type of software on your email gateways and possibly internally as well. Make sure that you have a regular schedule to update the signatures on this software.

  • Load anti-virus software on file servers - It is possible that infected files can enter the organization in ways other than email (employees can download files or bring them from home). Set up the software to check for viruses periodically (every night) and make sure you are updating the signatures regularly.

This combined strategy will catch the vast majority of viruses, worms, and Trojan horse programs that come into an organization. The most important part is to make sure the signature files are updated on a regular basis.
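The extension rule from the first bullet can also be checked mechanically on inbound mail, and unlike a subject-line or file-name warning it still holds when Klez.H randomizes both. The following is an added example, not part of the original article; the function names, addresses and sample messages are constructed for illustration, and the extension set holds only the four the article lists.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the article; a starting point, not a complete list.
BLOCKED_EXTENSIONS = {".exe", ".com", ".bat", ".vbs"}


def blocked_attachments(raw_message: bytes) -> list[str]:
    """Return the filenames of attachments whose final extension is blocked."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        original = part.get_filename() or ""
        # Windows ignores trailing dots and spaces, so strip them first.
        name = original.strip().lower().rstrip(". ")
        # Only the last extension decides how the file is opened,
        # so "notes.txt.bat" is treated as a batch file.
        dot = name.rfind(".")
        if dot != -1 and name[dot:] in BLOCKED_EXTENSIONS:
            hits.append(original)
    return hits


def build_sample(subject: str, filename: str) -> bytes:
    """Constructed test message carrying a harmless placeholder attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("constructed sample body")
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


# Constructed samples: subjects and file names differ every time,
# as they would with a virus that randomizes them.
SAMPLES = [
    build_sample("a random subject", "qx7f.exe"),
    build_sample("another subject", "notes.txt.BAT"),
    build_sample("meeting agenda", "agenda.doc"),
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(blocked_attachments(raw))
```

The check complements the signature-based scanning in the list above; it does not replace it, since an infected file can arrive under an extension that is not in the set.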



Fortrex Technologies, a Phoenix Health Systems security partner, provides enterprise security management services and information security process and monitoring services for healthcare and other industries. www.fortrex.com
