I made an earlier post about my being bombarded with 400-500 virus/worm
email messages a day. This is despite being up to date with all the
AV's, MS updates, and the like. I turn off my machine at night and the
next morning 8 hours later I have ~200 email virus messages waiting for me.

I am an oldtimer network guy (SS7 on Unix platforms) and unfortunately
am not too knowledgeable in the TCP/IP arena or Win-XP. My concern now
is being "hacked"
over the internet, not by email but by some other technique using
my IP address. (I do know that the current SWEN email scam simply
generates tons of messages for my specific email address and
opening an email independent of IP address or computer causes the problem).
So I have the following questions:

1) Do I get a different IP address every time I connect to the
internet? (I use Earthlink dial-up...like I said I'm an oldtimer)

2) Can two users share the same IP address from a remote perspective
and then the ISP multiplexes to the correct destination?

3) I have read that hackers can somehow send malicious code to
my machine and get my personal info (eg - passwords, credit card
numbers, etc). Can they do this other than email? If so, how? (a
concise explanation will suffice)

4) How would my specific computer be targeted if my IP address
changes? Are the hackers' programs just "out there" continually
pinging (or whatever) to see what they can find?

5) If I used a different computer would I be just as susceptible
or is my computer on a (s)hit-list? Or is my email address used
to get my current IP address and then an invasion is attempted?
(Again I know the email virus issue is still relevant on a different
computer).

6) Fortunately the email issue has been somewhat mitigated in that
I have been using Webmail. But I have a question: How is the issue
of opening an attachment handled with Webmail? Is there a danger
in this?

I know for the majority of you these are very dumb and basic
questions, but I appreciate your help--this current SWEN worm/virus
is my first security problem and now I am pretty worried.

Thanks,
Ragtopgeek

Re: Viruses, Worms, IP Addresses, and Different Computers? by Bill

Bill
Mon Sep 22 21:51:50 CDT 2003

Lots of questions--and maybe some I'm not the best to answer--I'll give at
least some of this a shot, inline.

"ragtopgeek" <ragtopgeek@earthlink.net> wrote in message
news:8c58bb4.0309221803.22bd0db5@posting.google.com...
> I made an earlier post about my being bombarded with 400-500 virus/worm
> email messages a day. This is despite being up to date with all the
> AV's, MS updates, and the like. I turn off my machine at night and the
> next morning 8 hours later I have ~200 email virus messages waiting for
> me.
>
> I am an oldtimer network guy (SS7 on Unix platforms) and unfortunately
> am not too knowledgeable in the TCP/IP arena or Win-XP. My concern now
> is being "hacked"
> over the internet, not by email but by some other technique using
> my IP address. (I do know that the current SWEN email scam simply
> generates tons of messages for my specific email address and
> opening an email independent of IP address or computer causes the
> problem).
> So I have the following questions:
>
> 1) Do I get a different IP address every time I connect to the
> internet? (I use Earthlink dial-up...like I said I'm an oldtimer)

Yes. This is both good (harder to trace you) and bad (you might grab a
number just used by a peer-to-peer music share king and see lots of traffic
trying to find all that wealth he used to share on that IP).

>
> 2) Can two users share the same IP address from a remote perspective
> and then the ISP multiplexes to the correct destination?

Sort of--there's something called NAT which is used in small office/home
router devices. A dozen or more machines behind the device can share a
single IP. I've not known ISPs to do this, although it isn't impossible.
(Look up Network Address Translation for details on how this works.)

>
> 3) I have read that hackers can somehow send malicious code to
> my machine and get my personal info (eg - passwords, credit card
> numbers, etc). Can they do this other than email? If so, how? (a
> concise explanation will suffice)

Malicious code can be injected into your machine through the kind of
vulnerability used by the MS Blaster worm, and those patched by the MS 03-039
patch. The other way this kind of loss can occur is through a Trojan
Horse--a program you choose to download and execute which does more (or
different) than you expect. The general "cure" for both of these issues is
a firewall.

>
> 4) How would my specific computer be targeted if my IP address
> changes? Are the hackers' programs just "out there" continually
> pinging (or whatever) to see what they can find?

They use automated tools to search for machines displaying a signature
indicating a particular vulnerability exists. Dialup is no protection
against either viruses or hacking, although it makes it somewhat less
likely.

>
> 5) If I used a different computer would I be just as susceptible
> or is my computer on a (s)hit-list? Or is my email address used
> to get my current IP address and then an invasion is attempted?
> (Again I know the email virus issue is still relevant on a different
> computer).

I'm not sure where you are coming from on this one--leave Swen aside--that's
not a shit-list, just an automaton doing its job.
You could be targeted by somebody because of some particular issue--behavior
in a chat-room or something--any sort of instant communication where your IP
would be easily discovered, and somebody might decide they don't like you.

>
> 6) Fortunately the email issue has been somewhat mitigated in that
> I have been using Webmail. But I have a question: How is the issue
> of opening an attachment handled with Webmail? Is there a danger
> in this?

Opening attachments is dangerous, period. Webmail doesn't help with
this--you are still going to pull the attachment down to your machine and
open it.

>
> I know for the majority of you these are very dumb and basic
> questions, but I appreciate your help--this current SWEN worm/virus
> is my first security problem and now I am pretty worried.
>
> Thanks,
> Ragtopgeek
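
Added example, not part of either post: a minimal model of the port-based
NAT mentioned in the answer to question 2, showing how a device maps two
inside machines onto one public IP and routes replies back to the right one.
All addresses, ports and names are constructed for illustration, and the
filtering rule shown (replies accepted only from the contacted peer) is one
common NAT behavior, assumed here.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.7"  # constructed: the one address remote hosts see


@dataclass
class Napt:
    next_port: int = 40000
    out_map: dict = field(default_factory=dict)  # inside flow -> public port
    in_map: dict = field(default_factory=dict)   # public port -> inside flow

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an outgoing packet's source to the shared public address."""
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self.out_map:
            port = self.next_port          # allocate a unique public port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(proto, port)] = (src_ip, src_port, dst_ip, dst_port)
        return (PUBLIC_IP, self.out_map[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Return the inside (ip, port) for a reply, or None if it is dropped."""
        entry = self.in_map.get((proto, dst_port))
        if entry is None:
            return None                    # no mapping: unsolicited traffic
        priv_ip, priv_port, peer_ip, peer_port = entry
        if (src_ip, src_port) != (peer_ip, peer_port):
            return None                    # not the peer this flow contacted
        return (priv_ip, priv_port)


def demo():
    nat = Napt()
    # Two inside machines use the same source port to reach the same server.
    a = nat.outbound("tcp", "192.168.1.10", 51000, "198.51.100.20", 80)
    b = nat.outbound("tcp", "192.168.1.11", 51000, "198.51.100.20", 80)
    # The server's replies are told apart only by the public port.
    reply_a = nat.inbound("tcp", "198.51.100.20", 80, a[1])
    reply_b = nat.inbound("tcp", "198.51.100.20", 80, b[1])
    # A scan from an unrelated host matches no mapping and goes nowhere.
    probe = nat.inbound("tcp", "192.0.2.99", 4444, 5000)
    return a, b, reply_a, reply_b, probe


if __name__ == "__main__":
    for item in demo():
        print(item)
```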