LOCAL enterprises and individuals are warned to brace themselves for more virus attacks and threats on their information systems.

With the continuing worldwide trend of blended threats in writing worms, viruses and Trojans that are combined with sophisticated hacking techniques, anti-virus vendors and consultants said information systems users can expect an increasing number of dangerous worms and viruses.

Exploiting software/applications, these worms and viruses are likely to be released more frequently for the rest of the year.

Sophos Anti-Virus Asia Pte Ltd's managing director Charles Cousins said although the level of attacks expected in Malaysia appears to be neither significantly higher nor lower than other Asian countries, the amount of damage is set to be a little higher as compared to the rest.

"Not all (local) enterprises have adopted a comprehensive anti-virus and anti-spam policy. Many end users also are still ignorant about the damage that can be done while managers are afraid to enforce stringent anti-virus and anti-spam policies for their staff," he told Computimes last week.

Among the preventive measures enterprises need to take are to install good gateway anti-virus and desktop anti-virus, and keep them regularly updated.

"Do not use anti-virus software that permits end-user override or switch-off. Ensure that home users are doing work at home and company-owned laptops employ a remote up-to-date anti-virus to synchronise protection and policies with the corporate local area network," Cousins advised.

Other than that, enterprises should use encryption and not permit Web browsing on office personal computers (PCs). Internet relay chat should be prohibited on office PCs and staff should be barred from bringing in or installing software or applications by themselves.

Trend Micro's Asia South regional marketing manager Ang Ah Sin advised network managers to focus on vulnerability prevention and invest in technologies which are able to protect against vulnerable devices from ever connecting to the network.

"These include those without anti-virus protection or those without the required virus pattern file updates or those that did not have the necessary operating system's patches installed. In addition, network managers must ensure that the solution is able to detect, isolate and remove network viruses that slip through other perimeter defences," he explained.

On the trend of threats, Ang said the rising number of phishing attacks is becoming alarming. This involves the act of fooling e-mail users into divulging personal information such as social security number and automated teller machine personal identification and credit card numbers by sending spoof e-mail containing alarming information that convinces a user to visit a fraudulent Web site that asks them to enter their personal information.

In addition to using spoof e-mail, malware (malicious software) writers had been secretly hacking into many popular search engines and e-commerce sites, and planting Trojan scripts on the Web pages.

A user visiting a contaminated site may be infected, and backdoors and key-logging software installed unknowingly steal those personal information, added Ang.

In terms of incidents recorded, the Malaysian Computer Emergency Response Team (MyCERT) reported that local enterprises were not badly hit by worm attacks in the first half of the year as compared to previous years.

"MyCERT cannot predict with certainty what will happen in the next half of the year or the impact on local enterprises as the frequency and instance of worm outbreaks are unpredictable," said manager Solahuddin Shamsuddin.

He said based on outbreaks experienced in previous years, some of the worm attacks took one month to eradicate while others took longer. "For example, in 2001, the Code Red worm attack took three months to eradicate and involved RM22 million in cost. In 2002, it took three months to eradicate the Nimda worm while last year it took two months to eradicate the Blaster and Nachi worms, which involved RM31 million for their eradication."