December 2009 - Posts
This four-page article provides an easy-to-understand overview of this increasingly popular computing trend.
Kim Komando - Computing in the cloud
http://www.komando.com/tips/index.aspx?id=7907
QUOTE: There is an acronym--SaaS, or software as a service. Cloud, as used by geeks, refers to the Internet. So, people computing in the cloud are running software on somebody else's computers. They access those computers via the Internet. The computers could be next door or overseas. When they do that, they don't have to install the software. They don't have to update it. They don't have to upgrade whenever a new version appears. They don't need more powerful computers to run new versions.
Some individuals may have received a new PC or a copy of Windows 7 as a gift over the holidays. It's important to "always read the manual" before plunging into the install process. Information Week recently ran an informative article that complements Microsoft's installation guidance. A key recommendation is to back up all your existing files (e.g., to DVD, CD, flash drive, etc.).
Another first step is to make Windows 7 as secure as possible. It's also important to apply all Windows updates before using the new system extensively on the Internet (after firewall and AV protection are in place). I like maximum UAC safety settings and enhanced IE8 settings as well.
Windows 7 - Installation Guidelines
http://www.informationweek.com/news/hardware/desktop/showArticle.jhtml?articleID=220700452
QUOTE: Before you get started, the usual precautions apply. Back up any user data that's on the system; make sure you have any device drivers needed for at least the first phase of installation (mass storage controllers, generally); don't attempt to do this in the middle of a day when you plan on getting other work done.
Key Microsoft resources include:
Windows 7 - Official Home Page
http://www.microsoft.com/windows/windows-7/default.aspx
Windows 7 - System Requirements (IMPORTANT)
http://www.microsoft.com/windows/windows-7/get/system-requirements.aspx
Malware writers continue to exploit major news events and manipulate search engine rankings so that their URLs are picked up accidentally by users. Always be careful with web searches, looking closely at where a URL is directing you. It's also recommended to use major news sites (e.g., CNN, USA Today, AP, Fox) rather than random searches for key news events.
Mayon Volcano Eruption Spews Out SEO Attack
http://blog.trendmicro.com/ph-mayon-volcano-eruption-spews-out-seo-attack/
QUOTE: Close on the heels of users seeking out news on the event, of course, are cybercriminals with their usual blackhat SEO tactics. Searching for news on the topic on Google using the string “Mayon Volcano eruption” may lead users to the malicious URL. Afterward, they will again be redirected to any of the following URLs where FAKEAV variants are downloaded onto their systems:
More info on Mayon Volcano and possible eruption
http://news.bbc.co.uk/2/hi/asia-pacific/8417898.stm
http://en.wikipedia.org/wiki/Mayon_Volcano
New variants of Koobface are emerging that attempt to trick Facebook users into downloading "fun" holiday images or gifts. Please be careful on all social networks, as they are very popular and therefore a target for malware writers and criminals looking to take advantage of folks.
Koobface - Avoid Holiday Gift Downloads on FaceBook
http://www.avertlabs.com/research/blog/index.php/2009/12/24/not-so-happy-holidays-from-koobface/
QUOTE: Activities associated with Koobface have increased during the month of December. This morning we noticed a trend with some of the domain-based locations making use of the holiday theme. This has included everything from “presents for your pets” to “festive holiday trees” – these are domains that appear legitimate but are not.
When users go to these sites for these happy holiday thoughts – they are instead instantly greeted by having files downloaded to their computers. And voila – a lovely “gift” is attempting to execute upon them. The gift of holiday identity theft!
Security challenges will continue in 2010. This edition of Red Tape from MSNBC's Technical division summarizes their predictions for a stormy year ahead.
MSNBC - 12 things computer users should fear in 2010
http://redtape.msnbc.com/2009/12/about-once-a-year-computer-security-news-leaps-out-of-the-technology-section-and-onto-the-front-page-and-the-top-of-network.html
QUOTE: Predictions for 2010 are summarized below:
1. E-mail attachments are back - Trojan horse attacks continue to increase
2. Anti-virus products less effective - AV Vendors have difficulty keeping up with bad guys
3. Fake anti-virus software - In 2009 consumers shelled out $150 million for rogue software
4. Social networking attacks will continue to increase
5. Botnets - may be even worse
6. Spam - 95 percent?
7. Finally, Apple gets respect - from cybercriminals
8. Cell phones - may see a significant attack against cell phone or smart phone users.
9. SEO poisoning - malicious sites manipulate search engines to rank high
10. WINDOWS 7 - Microsoft has continued to improve security, and will malicious attackers be successful?
11. URL shorteners - may take users to malicious web sites
12. Gumblar - advanced website injection to build botnet.
For users getting their first home PCs, these tips are shared in an easy-to-understand way. The keys are to ensure the Windows Security Center is "all green", to stay up to date on Windows updates, and to follow safe surfing practices.
Kim Komando - Safety Tips before going online with new PC
http://www.komando.com/tips/index.aspx?id=7762
QUOTE: QUESTION: I'm getting a new laptop. Could you give me a few tips before I connect to the Internet? I've heard you say how quickly you can get infected. Any help would be greatly appreciated. I listen to you every Saturday. —Dave in Wichita, KS, listening on KFH 98.7 FM
ANSWER: That's a great question, Dave. Lots of people are getting computers for Christmas. You don't want to start out by being attacked. If you hit the Internet, your new computer could be compromised in minutes. The big problem is drive-by attacks. They take advantage of unrepaired holes in Windows.
These days, nearly any site could contain attack software. Most sites have flaws, which are openings for criminals. They post their malicious programs there. If you go to the site, it will try to download to you. A patched copy of Windows would be OK. Unpatched copies are at great risk. Stay away from e-mail, too. Heaven knows what's in the spam attachments. You probably know better than to open attachments. But we all make mistakes. Better to avoid temptation.
Windows includes many robust services that start automatically when the system boots. While most automatically started services are needed, I recently discovered one more, having to do with special inputs or additional languages, that can be safely disabled.
Advanced users may tweak their systems to disable unnecessary services at startup. Boot times and overall performance improve when unneeded services aren't started. This service, which supports alternative inputs and languages, starts automatically; if it's not needed, it can be toggled off (and re-enabled later if required).
With tools like msconfig, Microsoft Sysinternals, or CCleaner, technicians can list all startup processes and disable unnecessary ones. In each case, it's important to research the service (web search) and confirm that it is safe to discontinue. As many users don't need alternative inputs or languages, this service can be safely disabled following the advice below:
CTFMON.EXE - Extended Language Support safely disabled on Windows startup
http://en.kioskea.net/faq/sujet-1780-disable-ctfmon-exe-at-startup
QUOTE: The ctfmon.exe is a Windows generic process for managing entries from alternative text input software such as voice recognition, electronic recognition, braille keyboards, or any alternative to the keyboard. The ctfmon.exe process is useful only for taking different languages, or if one of the features mentioned above is used. Otherwise, this process is not necessary.
The Ctfmon.exe file is responsible for monitoring the "User Input Modes" technology. It starts the "Language Bar" component (via the system tray), and starts every time Windows starts, continuing to run in the background whether an Office XP program was started or not.
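As an added example (not from the original post or the linked article), the PowerShell script below lists the Run-key startup entries that tools like msconfig display, and removes only the ctfmon.exe entry after exporting the key to a .reg backup so the change can be reversed. The Run key paths are the standard Windows ones; the backup folder is an assumption, and modifying the HKLM key requires an elevated prompt.

```powershell
# Added example: audit Run-key startup entries and remove only ctfmon.exe,
# keeping a .reg backup so the entry can be restored later.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-StartupEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath/PSParentPath/... metadata; skip those
            if ($p.Name -like 'PS*') { continue }
            New-Object PSObject -Property @{
                Key = $key; Name = $p.Name; Command = $p.Value
            }
        }
    }
}

# Step 1: list every entry; research each one (web search) before disabling it
Get-StartupEntries | Format-Table Key, Name, Command -AutoSize

# Step 2: remove only the ctfmon entry, after exporting the key as a backup
$backupDir = "$env:USERPROFILE\startup-backup"   # assumed backup location
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
$ctfEntries = Get-StartupEntries | Where-Object { $_.Command -match 'ctfmon\.exe' }
foreach ($e in $ctfEntries) {
    $hive    = $e.Key.Substring(0, 4)        # "HKCU" or "HKLM"
    $regPath = $e.Key -replace ':', ''       # HKCU:\... -> HKCU\... for reg.exe
    $backup  = Join-Path $backupDir "$hive-Run.reg"
    reg.exe export $regPath $backup /y | Out-Null
    Remove-ItemProperty -Path $e.Key -Name $e.Name
    Write-Host "Removed '$($e.Name)' from the $hive Run key; backup: $backup"
}
# To restore the entry later: reg.exe import <backup file>
```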
Always avoid unexpected attachments, as even MP3 audio files are now being used as spam advertising agents.
MP3 Spam Is Back!
http://blog.trendmicro.com/mp3-spam-is-back
Trend Micro researchers were alerted to the discovery of spammed messages that bore no subject and body content. The email messages only contained an .MP3 file that when executed, a voice advertising Viagra and other enhancement pills is heard. The said “voice” also entices users to visit a certain URL, which points to the all-too-familiar Canadian pharmacy sites.
EXAMPLES OF PAST MP3 ATTACKS
Security tips related to safety using Facebook can be found in the following links:
Sophos - Best Practices for Facebook security
http://www.sophos.com/security/best-practice/facebook/
QUOTE: ID fraudsters target Facebook and other social networking sites to harvest information about you. Here's how we recommend you set your Facebook privacy options to protect against online identity theft.
* Adjust Facebook privacy settings to help protect your identity
* Read the Facebook Guide to Privacy
* Think carefully about who you allow to become your friend
* Show "limited friends" a cut-down version of your profile
* Disable options, then open them one by one
Facebook - Guide to Privacy
http://www.facebook.com/privacy/explanation.php
F-Secure has issued its Security Forecast for 2010, and a partial list of its key predictions is noted below:
F-Secure - Security Forecast for 2010
http://www.f-secure.com/weblog/archives/00001835.html
QUOTE: Here are our predictions for 2010 based on this year's threat analysis.
• Windows 7 will gain market share during 2010. Windows XP will drop below 50% market share overall and will thus reduce the amount of "low hanging fruit." This will improve Internet security in affluent countries ...
• Web search results leading to "location based attacks" using geo-location IP address techniques will increase. They will be localized in terms of language, current news events, and even regional banks that they target.
• There will be more attacks against online banks with tailor-made trojans.
• There will be more iPhone attacks, possibly also proof-of-concept attacks on Android and Maemo. We could also see a 0-day vulnerability used in a large scale exploit.
• At least one large-scale DDoS attack against a nation-state is likely.
• There will be more attacks on social networks such as Facebook, Twitter, Myspace, LinkedIn, etc.
• There will be significant data base compromises that lead to tailored attacks. Cyber-criminals now have the resources to analyze, plan, and carry out mass-targeted attacks.
Please keep Windows and AV software updated, as dangerous threats continue to circulate. Ransomware encrypts files on the PC and holds the user hostage until they pay a fee ($89 in this case). Avoid any use of "Data Doctor 2010"; if you become infected, use a cleaning tool from a legitimate AV vendor instead.
Data Doctor 2010 will make you sick
http://sunbeltblog.blogspot.com/2009/12/data-doctor-2010-will-make-you-sick.html
QUOTE: new piece of today, an encryption trojan. It encrypts the files on your hard drive very rapidly if you’re unfortunate enough to be victimized by it. It arrives through drive by downloads from malicious web sites. It’s also packaged with other malware. The victim receives a message that the system is shutting down due to "Unrecognized disk driver command." The system is then re-booted to safe mode and a message is displayed: "Windows has recovered from a serious error. Some files can be corrupted. Disk checking is strongly recommended."
One of the ISC handlers shares a worthwhile diary entry on the importance of security awareness training. It's important to teach children safety, as the Internet is a dangerous environment when it comes to email, web links, and malware. Some facts and a quiz are shared. Knowledge of security principles is just as important as security software safeguards.
ISC Security Awareness education for Youth
http://isc.sans.org/diary.html?storyid=7783
http://www.isek.iastate.edu/fll/
QUOTE: A few weeks ago it was my pleasure to talk to a group of young people who were participating in a program through Iowa State University School of Engineering. This program is designed to get children interested in and excited about science, technology and engineering.
I explained to them the dangers of illegal download activity, clicking on links in emails, messages and websites, etc. They asked what could be done to improve the condition of the virtual world. I told them how we often times joke about creating a "test" and that everyone would have to pass the test and receive a driver's license before they were allowed on the Internet - the World Wide Superhighway. The group took this to the next level and created a test.
Please be careful with all PDF files, keep AV protection updated, and watch for the upcoming Adobe release that will address this issue. I usually keep JavaScript off unless it's required to fill out a PDF form.
Adobe PDF Reader - Zero Day attack circulating
http://www.adobe.com/support/security/advisories/apsa09-07.html
http://www.avertlabs.com/research/blog/index.php/2009/12/16/another-adobe-reader-zero-day-take-care/
QUOTE: Adobe has confirmed a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild. Adobe recommends customers follow the mitigation guidance below until a patch is available.
HOW TO DISABLE JAVASCRIPT IN ADOBE READER
Customers can mitigate the issue by disabling JavaScript in Adobe Reader and Acrobat using the instructions below:
1. Launch Acrobat or Adobe Reader.
2. Select Edit > Preferences.
3. Select the JavaScript category.
4. Uncheck the 'Enable Acrobat JavaScript' option.
5. Click OK.
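As an added example (not from Adobe's advisory or the original post), this PowerShell script checks the same per-user "Enable Acrobat JavaScript" preference the steps above toggle through the GUI, and sets it to disabled where it is still on. The registry location (DWORD bEnableJS under the Reader JSPrefs key, 1 = enabled, 0 = disabled) is an assumption based on Reader 8.x/9.x preferences; Acrobat proper stores its preferences under a separate key that this script does not touch.

```powershell
# Added example: report and disable the per-user "Enable Acrobat JavaScript"
# preference for Adobe Reader 8/9. Assumption: it lives at
# HKCU\Software\Adobe\Acrobat Reader\<ver>\JSPrefs, DWORD bEnableJS.
# A missing value means Reader's default, which is JavaScript enabled.
function Get-ReaderJavaScriptState {
    foreach ($ver in '8.0', '9.0') {
        $key = "HKCU:\Software\Adobe\Acrobat Reader\$ver\JSPrefs"
        # Only versions whose JSPrefs key exists are reported
        if (-not (Test-Path $key)) { continue }
        $val = (Get-ItemProperty -Path $key).bEnableJS
        New-Object PSObject -Property @{
            Version           = $ver
            Key               = $key
            JavaScriptEnabled = ($val -ne 0)   # $null (absent) counts as enabled
        }
    }
}

function Disable-ReaderJavaScript {
    # Close Reader first: it rewrites its preferences on exit and would undo this
    $enabled = Get-ReaderJavaScriptState | Where-Object { $_.JavaScriptEnabled }
    foreach ($s in $enabled) {
        Set-ItemProperty -Path $s.Key -Name bEnableJS -Value 0 -Type DWord
        Write-Host "Disabled Acrobat JavaScript for Reader $($s.Version)"
    }
}

# Show the current state, then apply the mitigation where needed
Get-ReaderJavaScriptState | Format-Table Version, JavaScriptEnabled -AutoSize
Disable-ReaderJavaScript
```

Re-run Get-ReaderJavaScriptState after restarting Reader to confirm the setting stuck (the GUI checkbox in Edit > Preferences > JavaScript should now be unchecked).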
The Internet Storm Center has issued a timely warning regarding e-card dangers, as these malicious attacks continue to grow in sophistication and appear almost identical to legitimate e-card sites. Keeping AV software updated, carefully checking the URL addresses, and the use of phishing detection tools can help. Also, never open e-cards from someone you do not recognize and be careful even if these e-cards are from someone you know.
Beware the Attack of the Christmas Greeting Cards
http://isc.sans.org/diary.html?storyid=7759
QUOTE: Just a word of warning - as happens every year, fake greeting cards are being circulated via email, with malware payloads attached. We got our first reader email on this today, Daniel received a greeting card with a ".net" at the tail end of a legitimate domain. The attackers even went to the trouble of making their site look like the real one! These attacks use more sophisticated phishing techniques every year, and the malware payloads are of course also more difficult to detect each time.
While this issue has most likely been addressed with improved encrypted transmissions, it's important to thoroughly assess all exposures and risks when formulating security solutions.
Military Predator video intercepted by Iraqi Insurgents
http://online.wsj.com/article/SB126102247889095011.html
http://gcn.com/articles/2009/12/17/insurgents-hack-predator-video.aspx
QUOTE: Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations. Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes' systems. Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, according to a person familiar with reports on the matter.
McAfee's AVERT Labs has provided an update on Conficker, which still persists on unpatched systems across the Internet.
Conficker - Update from McAfee's AVERT Labs
http://www.avertlabs.com/research/blog/index.php/2009/12/16/conficker-again-in-the-news/
http://www.avertlabs.com/research/blog/index.php/2009/12/17/conficker-again-in-the-news-part-2/
QUOTE: Conficker, although it actually does very little, continues to be a major annoyance worldwide, so let’s use these excellent charts and graphs as a reason to revisit two important points:
• Update your systems to current patch levels
• Use up-to-date and properly configured security software. Deploy these at a variety of levels whenever possible. (Layers of defense work better than a single solution)
Wikipedia - Conficker is over one year old
http://en.wikipedia.org/wiki/Conficker
• A variant: First appeared 21 November 2008
• B variant: First appeared 29 December 2008
• C variant: First appeared 20 February 2009
• D variant: First appeared 4 March 2009
• E variant: First appeared 7 April 2009 (self-destruction on 3 May 2009)
The December security updates went well on all PCs except for our family PC. After multiple attempts to update, I constantly encountered a "403 Access Forbidden" error. In resolving past Windows Update issues, I almost always found solutions by searching the web for the error code or message.
The KB article below was discovered, which provides download links for the latest Windows Update software. The Windows Update Agent 3.0 replaces older DLLs, and the manual download is around 6MB. Installing the latest Windows Update Agent 3.0 resolved my "403" issues, allowing the December updates to be applied.
New Windows Update Agent 3.0 - Resolves 403 Access forbidden error
http://support.microsoft.com/kb/949104
Facebook has announced the following privacy and security improvements:
Facebook - New privacy announcements
http://isc.sans.org/diary.html?storyid=7726
http://www.facebook.com/press/releases.php?p=133917
http://blog.facebook.com/blog.php?post=196629387130
Message from the founder Mark Zuckerberg
http://blog.facebook.com/blog.php?post=190423927130
QUOTE: Setting a new standard in user control, Facebook announced today that it is calling on its more than 350 million users to review and update their privacy settings—a first among major Internet services. In addition, Facebook will be rolling out easy-to-use tools to empower people to personalize control over their information—based on what the content is, why they are sharing it, when, and the audience they seek to reach.
* Adding Control For Each Item
* Simplified Privacy Settings
* Help In Choosing Settings
* Expanded Privacy Education
AVERT Labs offers an insightful article on improving security awareness in colleges. Security protection and concepts are important safeguards against theft, malware, and privacy risks. Colleges should offer at least one IT security class that trains students in safe computing practices. It will improve safety for students in any profession they choose.
Boosting Security Awareness in Colleges
http://www.avertlabs.com/research/blog/index.php/2009/11/30/boosting-security-awareness-in-colleges/
QUOTE: Security breaches, laptop theft, and identity theft happen all the time, and these crimes increase every year. The need for people to become more aware of their digital presence and the threats surrounding it is vital. Why choose colleges? Higher education institutions are an ideal platform for spreading security awareness because they produce so much of our future workforce. With computers everywhere in businesses, it’s essential that these graduates learn about the invisible threats that face them and their employers’ information.
Please do not visit any H1N1 sites offered by email, as your PC may become infected with malware.
US CERT Warning - Fake H1N1 alerts circulating in email
http://www.us-cert.gov/current/index.html#h1n1_malware_campaign_circulating
Fake H1N1 (Swine Flu) alerts lead to malware
http://blogs.zdnet.com/security/?p=5045
QUOTE: Malicious hackers are using fake alerts around H1N1 (Swine Flu) vaccines to trick end users into installing malware on Windows computers, according to warnings issued by computer security firms. The latest malware campaign begins with e-mail messages offering information regarding the H1N1 vaccination. The e-mail messages contain a link to a bogus Centers for Disease Control and Prevention site with prompts to create a user profile. During this process, a malware file gets planted on the user’s machine.