December 2009 - Posts
This 4-page article provides an easy-to-understand overview of this increasingly popular computing trend.
Kim Komando - Computing in the cloud
http://www.komando.com/tips/index.aspx?id=7907
QUOTE: There is an acronym--SaaS, or software as a service. Cloud, as used by geeks, refers to the Internet. So, people computing in the cloud are running software on somebody else's computers. They access those computers via the Internet. The computers could be next door or overseas. When they do that, they don't have to install the software. They don't have to update it. They don't have to upgrade whenever a new version appears. They don't need more powerful computers to run new versions.
Some individuals may have received a new PC or copy of Windows 7 as a gift over the holidays. It's important to "always read the manual" before plunging into the install process. Information Week had an informative article recently that complements Microsoft's guidance on how to install. A key recommendation they make is to back up all your existing files (e.g., DVD, CD, Flash Drive, etc).
Another first step is to make Windows 7 as secure as possible. It's also important to apply all Windows updates before using the new system on the Internet extensively (after establishing Firewall protection and AV protection).
Windows 7 - Installation Guidelines
http://www.informationweek.com/news/hardware/desktop/showArticle.jhtml?articleID=220700452
QUOTE: Before you get started, the usual precautions apply. Back up any user data that's on the system; make sure you have any device drivers needed for at least the first phase of installation (mass storage controllers, generally); don't attempt to do this in the middle of a day when you plan on getting other work done.
Key Microsoft resources include:
Windows 7 - Official Home Page
http://www.microsoft.com/windows/windows-7/default.aspx
Windows 7 - System Requirements (IMPORTANT)
http://www.microsoft.com/windows/windows-7/get/system-requirements.aspx
Malware writers continue to use major news events and manipulate search engine rankings so their URLs may be picked up accidentally by users. Always be careful with web searches, looking closely at where the URL is directing you. It's also recommended to use major news sites (e.g., CNN, USA Today, AP, Fox), rather than random searches for key news events.
Mayon Volcano Eruption Spews Out SEO Attack
http://blog.trendmicro.com/ph-mayon-volcano-eruption-spews-out-seo-attack/
QUOTE: Close on the heels of users seeking out news on the event, of course, are cybercriminals with their usual blackhat SEO tactics. Searching for news on the topic on Google using the string “Mayon Volcano eruption” may lead users to the malicious URL. Afterward, they will again be redirected to any of the following URLs where FAKEAV variants are downloaded onto their systems:
More info on Mayon Volcano and possible eruption
http://news.bbc.co.uk/2/hi/asia-pacific/8417898.stm
http://en.wikipedia.org/wiki/Mayon_Volcano
New variants of Koobface are emerging that attempt to trick Facebook users into downloading fun images or gifts associated with the holiday season. Please be careful on all social networks, as they are very popular and a target for malware writers and criminals to take advantage of folks.
Koobface - Avoid Holiday Gift Downloads on Facebook
http://www.avertlabs.com/research/blog/index.php/2009/12/24/not-so-happy-holidays-from-koobface/
QUOTE: Activities associated with Koobface have increased during the month of December. This morning we noticed a trend with some of the domain-based locations making use of the holiday theme. This has included everything from “presents for your pets” to “festive holiday trees” – these are domains that appear legitimate but are not.
When users go to these sites for these happy holiday thoughts – they are instead instantly greeted by having files downloaded to their computers. And voila – a lovely “gift” is attempting to execute upon them. The gift of holiday identity theft!
Security challenges will continue in 2010. This edition of Red Tape from MSNBC's Technical division summarizes their predictions for a stormy year ahead.
MSNBC - 12 things computer users should fear in 2010
http://redtape.msnbc.com/2009/12/about-once-a-year-computer-security-news-leaps-out-of-the-technology-section-and-onto-the-front-page-and-the-top-of-network.html
QUOTE: Predictions for 2010 are summarized below:
1. E-mail attachments are back - Trojan horse attacks continue to increase
2. Anti-virus products less effective - AV Vendors have difficulty keeping up with bad guys
3. Fake anti-virus software - In 2009 consumers shelled out $150 million for rogue software
4. Social networking attacks will continue to increase
5. Botnets - may be even worse
6. Spam - 95 percent?
7. Finally, Apple gets respect - from cybercriminals
8. Cell phones - may see a significant attack against cell phone or smart phone users.
9. SEO poisoning - malicious sites manipulate search engines to rank high
10. WINDOWS 7 - Microsoft has continued to improve security and will malicious attackers be successful?
11. URL shorteners - may take users to malicious web sites
12. Gumblar - advanced website injection to build botnet.
For users getting their first home PCs, these tips are shared in an easy-to-understand way. The keys are ensuring the Windows Security Center is "all green", staying up to date on Windows updates, and following best surfing practices.
Kim Komando - Safety Tips before going online with new PC
http://www.komando.com/tips/index.aspx?id=7762
QUOTE: QUESTION: I'm getting a new laptop. Could you give me a few tips before I connect to the Internet? I've heard you say how quickly you can get infected. Any help would be greatly appreciated. I listen to you every Saturday. —Dave in Wichita, KS, listening on KFH 98.7 FM
ANSWER: That's a great question, Dave. Lots of people are getting computers for Christmas. You don't want to start out by being attacked. If you hit the Internet, your new computer could be compromised in minutes. The big problem is drive-by attacks. They take advantage of unrepaired holes in Windows.
These days, nearly any site could contain attack software. Most sites have flaws, which are openings for criminals. They post their malicious programs there. If you go to the site, it will try to download to you. A patched copy of Windows would be OK. Unpatched copies are at great risk. Stay away from e-mail, too. Heaven knows what's in the spam attachments. You probably know better than to open attachments. But we all make mistakes. Better to avoid temptation.
Windows includes many robust services that start automatically when the system boots up. While most of the automatically started services are needed, I recently discovered one more, having to do with special inputs or additional languages, that can be safely disabled.
Advanced users may tweak their systems to disable unnecessary services at startup. Boot times improve when unneeded services aren't starting. This service, which supports alternative inputs and languages, starts automatically; if it's not needed, it can be toggled off (and re-enabled in the future if needed).
With tools like msconfig, MS SysInternals, or ccleaner, technicians can detect all startup processes and disable unnecessary ones. In each case, it's important to research the service (web search) and the safety of discontinuing it. As many users don't need alternative inputs or languages, this service can be safely disabled following the advice below:
CTFMON.EXE - Extended Language Support safely disabled on Windows startup
http://en.kioskea.net/faq/sujet-1780-disable-ctfmon-exe-at-startup
QUOTE: The ctfmon.exe is a Windows generic process for managing entries alternative text input software such as voice recognition, electronic recognition, braille keyboards, or any alternative to the keyboard. The ctfmon.exe process is useful only for taking different languages, or if one of the features mentioned above is used. Otherwise, this process is not necessary.
Ctfmon.exe file is responsible for monitoring technology "Modes User Input". It starts the component of the "Language Bar" (via the system tray), and starts every time Windows start, continuing to run in the background, whether an Office XP program was started or not.
Always avoid attachments as even MP3 audio files are being created as spam advertising agents
MP3 Spam Is Back!
http://blog.trendmicro.com/mp3-spam-is-back
Trend Micro researchers were alerted to the discovery of spammed messages that bore no subject and body content. The email messages only contained an .MP3 file that when executed, a voice advertising Viagra and other enhancement pills is heard. The said “voice” also entices users to visit a certain URL, which points to the all-too-familiar Canadian pharmacy sites.
EXAMPLES OF PAST MP3 ATTACKS
Security tips related to safety using Facebook can be found in the following links:
Sophos's - Best Practices for Facebook security
http://www.sophos.com/security/best-practice/facebook/
QUOTE: ID fraudsters target Facebook and other social networking sites to harvest information about you. Here's how we recommend you set your Facebook privacy options to protect against online identity theft.
* Adjust Facebook privacy settings to help protect your identity
* Read the Facebook Guide to Privacy
* Think carefully about who you allow to become your friend
* Show "limited friends" a cut-down version of your profile
* Disable options, then open them one by one
Facebook - Guide to Privacy
http://www.facebook.com/privacy/explanation.php
F-Secure has issued their Security Forecast for 2010, and a partial list of key predictions is noted below:
F-Secure - Security Forecast for 2010
http://www.f-secure.com/weblog/archives/00001835.html
QUOTE: Here are our predictions for 2010 based on this year's threat analysis.
• Windows 7 will gain market share during 2010. Windows XP will drop below 50% market share overall and will thus reduce the amount of "low hanging fruit." This will improve Internet security in affluent countries ...
• Web search results leading to "location based attacks" using geo-location IP address techniques will increase. They will be localized in terms of language, current news events, and even regional banks that they target.
• There will be more attacks against online banks with tailor-made trojans.
• There will be more iPhone attacks, possibly also proof-of-concept attacks on Android and Maemo. We could also see a 0-day vulnerability used in a large scale exploit.
• At least one large-scale DDoS attack against a nation-state is likely.
• There will be more attacks on social networks such as Facebook, Twitter, Myspace, LinkedIn, etc.
• There will be significant data base compromises that lead to tailored attacks. Cyber-criminals now have the resources to analyze, plan, and carry out mass-targeted attacks.
Please keep Windows and AV software updated as dangerous threats continue to circulate. Ransomware encrypts files on the PC and holds the user hostage until they pay a fee ($89 in this case). Avoid any use of "Data Doctor 2010" and use a cleaning tool from a legitimate AV vendor instead if you become infected.
Data Doctor 2010 will make you sick
http://sunbeltblog.blogspot.com/2009/12/data-doctor-2010-will-make-you-sick.html
QUOTE: new piece of today, an encryption trojan. It encrypts the files on your hard drive very rapidly if you’re unfortunate enough to be victimized by it. It arrives through drive by downloads from malicious web sites. It’s also packaged with other malware. The victim receives a message that the system is shutting down due to "Unrecognized disk driver command." The system is then re-booted to safe mode and a message is displayed: "Windows has recovered from a serious error. Some files can be corrupted. Disk checking is strongly recommended."
One of the ISC handlers shares some worthwhile material on the importance of security training. It's important to teach children safety, as the Internet is a dangerous environment when it comes to email, web links, and malware. Some facts and a quiz are shared. Knowledge of security principles is just as important as security software safeguards.
ISC Security Awareness education for Youth
http://isc.sans.org/diary.html?storyid=7783
http://www.isek.iastate.edu/fll/
QUOTE: A few weeks ago it was my pleasure to talk to a group of young people who were participating in a program through Iowa State University School of Engineering. This program is designed to get children interested in and excited about science, technology and engineering.
I explained to them the dangers of illegal download activity, clicking on links in emails, messages and websites, etc. They asked what could be done to improve the condition of the virtual world. I told them how we often times joke about creating a "test" and that everyone would have to pass the test and receive a driver's license before they were allowed on the Internet - the World Wide Superhighway. The group took this to the next level and created a test.
Please be careful with all PDF files, keep AV protection updated, and look for future Adobe releases which will address this issue. I usually keep JS off unless it's required to fill out a PDF form.
Adobe PDF - Zero Day attack circulating
http://www.adobe.com/support/security/advisories/apsa09-07.html
http://www.avertlabs.com/research/blog/index.php/2009/12/16/another-adobe-reader-zero-day-take-care/
QUOTE: Adobe has confirmed a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild. Adobe recommends customers follow the mitigation guidance below until a patch is available
HOW TO DISABLE JAVASCRIPT IN ADOBE READER
Customers can mitigate the issue by disabling JavaScript in Adobe Reader and Acrobat using the instructions below:
1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the 'Enable Acrobat JavaScript' option
5. Click OK
The Internet Storm Center has issued a timely warning regarding e-card dangers, as these malicious attacks continue to grow in sophistication and appear almost identical to legitimate e-card sites. Keeping AV software updated, carefully checking the URL addresses, and the use of phishing detection tools can help. Also, never open e-cards from someone you do not recognize and be careful even if these e-cards are from someone you know.
Beware the Attack of the Christmas Greeting Cards
http://isc.sans.org/diary.html?storyid=7759
QUOTE: Just a word of warning - as happens every year, fake greeting cards are being circulated via email, with malware payloads attached. We got our first reader email on this today, Daniel received a greeting card with a ".net" at the tail end of a legitimate domain. The attackers even went to the trouble of making their site look like the real one! These attacks use more sophisticated phishing techniques every year, and the malware payloads are of course also more difficult to detect each time.
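The lookalike trick in the ISC report above (a ".net" added to the tail end of a legitimate domain) can be checked label by label before a link is trusted. This is an added example, not code from the ISC diary or this blog; the domain `examplecards.com`, the sample links and the function names are constructed for illustration, and the allowlist is assumed to hold registrable domains.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): e-card sites the user really uses.
TRUSTED = {"examplecards.com"}

def classify_host(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'unknown' for the host in url."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host:
        return "unknown"
    labels = host.split(".")
    for domain in trusted:
        d = domain.split(".")
        n = len(d)
        # Exact match or true subdomain: the trusted name is the tail.
        if labels[-n:] == d:
            return "trusted"
        # Trusted name appears in full but is NOT the tail,
        # e.g. examplecards.com.net (the case in the ISC report).
        for i in range(len(labels) - n):
            if labels[i:i + n] == d:
                return "lookalike"
        # Same brand label under a different TLD, e.g. examplecards.net.
        if len(labels) >= 2 and labels[-2] == d[0] and labels[-1:] != d[1:]:
            return "lookalike"
    return "unknown"

# Constructed sample links, as they might appear in e-card emails.
SAMPLE_LINKS = [
    "http://www.examplecards.com/view?id=1",
    "http://examplecards.com.net/view?id=1",
    "http://examplecards.net/view?id=1",
    "http://evilexamplecards.com/view?id=1",
]

def triage(links=SAMPLE_LINKS):
    """Map each link to its verdict so suspicious ones can be held back."""
    return {link: classify_host(link) for link in links}

if __name__ == "__main__":
    for link, verdict in triage().items():
        print(f"{verdict:10} {link}")
```

Comparing whole labels rather than substrings is what keeps `evilexamplecards.com` from being mistaken for the trusted site.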
While this issue has most likely been addressed with improved encrypted transmissions, it's important to thoroughly assess all exposures and risks when formulating security solutions.
Military Predator video intercepted by Iraqi Insurgents
http://online.wsj.com/article/SB126102247889095011.html
http://gcn.com/articles/2009/12/17/insurgents-hack-predator-video.aspx
QUOTE: Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations. Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes' systems. Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, according to a person familiar with reports on the matter.