Many things you think are safe really aren’t
Written by Bob de Violini, a member of the Channel Islands PC Users
Group, California
http://www.cipcug.org
rjddev(at)gmail.com
It’s not too often I come across something that’s a really good read,
but I just have. It’s an article on the Dark Reading Web site, a site
that deals with computer security and is mostly aimed at those who deal
with computer security and computer network security for a living. It’s
quite lengthy by many standards, but it’s worth it. The article deals
with “myth busting,” or spelling out behaviors that many computer end
users at work believe are still “safe” (meaning that they don’t think
they’ll hurt the computer network at work) or that they won’t get
caught at. Point is, someone is still watching; you just will never
know when. The title of the article is “The Ten Most Dangerous Things
Users Do Online”, and it can be had at the following URL:
http://www.darkreading.com/document.asp?doc_id=107771&print=true.
The link will take you to a page with no ads or anything else on the
page. It just has the text of the whole article, so you don’t have to
look at any potentially annoying ads or anything else on the page. You
can even print it out and it will probably look pretty good.
Some of the terms can be somewhat technical, but that’s what we’re here
for: to answer any questions you may have and to help you have a more
enjoyable computing experience, be it online or offline while working
on a file or document. If you do have any questions, feel free to send
me a note at the email address that appears at the beginning of this
article. Bear in mind that the article spells out what users are doing
mostly at work or at home with a laptop from their employer, and not
from home on their own computers. How many habits that you have right
now or may have had in the past are on that list?
To quote Monty Python, “And now, for something completely different…”
and I do mean different.
There’s a Trojan horse type of malware circulating out there that takes
the strange step of scanning your system for other malware by
installing an anti virus engine. Then, once your system’s been cleaned,
it infects your machine with its own code! The Trojan uses an illegal
copy of an antivirus application from Kaspersky Labs to do the
scrubbing before it infects your system. The illegal scanner checks
your system and deletes anything found after you reboot your system.
That’s when you get infected with this new Trojan, which goes by the
name of SpamThru Trojan. Although there have been other pieces of
malware that have blocked the execution of certain competing pieces of
malware, this new procedure changes the whole picture. While I’d
normally think of a free scan of my system to remove malware or
viruses, this is the kind of favor that nobody needs. By now, most of
the anti-malware scanners have had their signatures updated to catch
this little bug, so go out and update your anti-malware product’s
definitions, or signatures, if you haven’t done so in the last week.
This Trojan also uses more sophisticated ways of keeping itself updated
and running than others have, but the techniques are beyond the scope
of this column.
Now, from the “What’s New is Old” department, we have reports of
Internet Explorer 7, which was just released on the 19th of October,
having a new vulnerability that’s actually a holdover from the first
early days of IE6. There has been banter back and forth within the
computer security community about whether or not it’s new and whether
or not Microsoft will even fix it. Apparently, Microsoft’s been saying
that the flaw isn’t with the browser, but with its companion piece of
software, Outlook Express. The vulnerability remains unpatched to this
day. There’s also another bug with IE7 that was also present in IE6
when it was first released in June 2004. At that time, Microsoft said
to disable the “Navigate sub frames across different domains” setting
in the browser, which would avoid the vulnerability. However, IE7 comes
with that setting disabled and it is still vulnerable to the bug. At
this writing, IE7 is available on the Windows Update site as a High
Priority download, and will also be available via the Automatic Updates
feature in Windows XP and Windows 2000. Because of the uproar over this
vulnerability, I’d suggest avoiding the new browser for a while until
Microsoft patches the vulnerability or they release a workaround that
actually works. You can set the Automatic Updates feature to just
notify you of the updates that are available but not download them, or
you can set it to tell you about the downloads and download them for
you but not install them. Either of these options will work for
avoiding the installation of IE7 for now.
Now for some news from the SANS Institute about some scams and other
bugs that have been making the rounds, especially one that infected
iPods in Japan. If they were infected in Japan, there’s no telling when
it will happen on this side of the Pacific. Apple has taken steps to
eradicate the bug, but it’s still worth noting. Ok, here we go:
QQpass spyware (Trojan variant)
As many as 100,000 Flash MP3 players, given away as prizes by
McDonald’s in Japan, were found to be infected with a variant of the
QQpass spyware Trojan horse program. The players were preloaded with
ten songs and the malware. McDonald’s Japan has apologized, established
a helpline to facilitate the recall of the infected MP3 players, and
posted directions for cleaning infected PCs. More information can be
had at the following link:
http://www.theregister.co.uk/2006/10/16/mcd_spyware_mp3_recall/print.html
Here is a scam that can potentially snag a lot of folks out of the
“fear factor” it implements:
FBI Imprimatur Added to Phishing Scams
Fraudulent phishing e-mails claiming to be from Richard Mueller III,
FBI Director, and Donna M. Uzzell, FBI Compact Council Chairman, offer
recipients big bucks and threaten big penalties if you don’t cooperate.
More information:
http://www.emergencyemail.org/newsemergency/anmviewer.asp?a=155&z=1
This next bit was just too good to not pass along in The Outer Edge
(CIPCUG award-winning newsletter). It explains a term that’s being used
more and more these days with regard to computer security and the
vulnerabilities that are being discovered:
Security Question of the Month: What is a Zero-Day Exploit?
A zero-day exploit (attack) is one that takes advantage of a security
vulnerability before or on the day that the existence of the
vulnerability becomes widely known. Three or four years ago, hackers
needed 7-14 days to figure out how to use a newly discovered
vulnerability in order to launch an exploit. That lead time allowed
hardware manufacturers and software developers to notify their
customers, recommend ways to cope with it, and distribute software
patches and anti-virus updates.
But there are more hackers, and they're getting better at what they do.
So, how do you defend your computer when you have 0 days to prepare?
You can’t. But if you keep your computer security software up-to-date,
you’ll help decrease your overall risk and increase the chances that a
patch or update will reach your computer ahead of an exploit.
The above pieces were taken from the November issue of OUCH!, a
computer end user newsletter put out by the SANS Institute via email.
More information and previous editions, as well as this month’s, can be
had at the following link:
https://www.sans.org/newsletters/#ouch
Well, that’s all for this month. Stay safe out on the Web, and remember
to keep your anti virus and anti malware programs fully updated at all
times to help prevent future infections from affecting you.
There is no restriction against any non-profit group using this article
as long as it is kept in context with proper credit given the author.
The Editorial Committee of the Association of Personal Computer User
Groups (APCUG), an international organization of which this group is a
member, brings this article to you.