Tuesday, June 23, 2009

VIRUS



Computer Viruses

Every day new computer viruses are created to annoy us and to wreck havoc on our computer systems. Below are ten viruses currently cited as being the most prevalent in terms of being seen the most or in their ability to potentially cause damage. New viruses are created daily. This is by no means an all inclusive list. The best thing you can do is to remain vigilant, keep your anti-virus software updated, and stay aware of the current computer virus threats.

Virus: Trojan.Lodear
A Trojan horse that attempts to download remote files. It will inject a .dll file into the EXPLORER.EXE process causing system instability.

Virus: W32.Beagle.CO@mm
A mass-mailing worm that lowers security settings. It can delete security-related registry sub keys and may block access to security-related websites.

Virus: Backdoor.Zagaban

A Trojan horse that allows the compromised computer to be used as a covert proxy and which may degrade network performance.

Virus: W32/Netsky-P
A mass-mailing worm which spreads by emailing itself to addresses produced from files on the local drives.

Virus: W32/Mytob-GH
A mass-mailing worm and IRC backdoor Trojan for the Windows platform. Messages sent by this worm will have the subject chosen randomly from a list including titles such as: Notice of account limitation, Email Account Suspension, Security measures, Members Support, Important Notification.

Virus: W32/Mytob-EX
A mass-mailing worm and IRC backdoor Trojan similar in nature to W32-Mytob-GH. W32/Mytob-EX runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels. This virus spreads by sending itself to email attachments harvested from your email addresses.

Virus: W32/Mytob-AS, Mytob-BE, Mytob-C, and Mytob-ER

This family of worm variations possesses similar characteristics in terms of what they can do. They are mass-mailing worms with backdoor functionality that can be controlled through the Internet Relay Chat (IRC) network. Additionally, they can spread through email and through various operating system vulnerabilities such as the LSASS (MS04-011).


Virus: Zafi-D
A mass mailing worm and a peer-to-peer worm which copies itself to the Windows system folder with the filename Norton Update.exe. It can then create a number of files in the Windows system folder with filenames consisting of 8 random characters and a DLL extension. W32/Zafi-D copies itself to folders with names containing share, upload, or music as ICQ 2005a new!.exe or winamp 5.7 new!.exe. W32/Zafi-D will also display a fake error message box with the caption "CRC: 04F6Bh" and the text "Error in packed file!".

Virus: W32/Netsky-D
A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the LSASS (MS04-011) exploit.

Virus: W32/Zafi-B

A peer-to-peer (P2P) and email worm that will copy itself to the Windows system folder as a randomly named EXE file. This worm will test for the presence of an internet connection by attempting to connect to www.google.com or www.microsoft.com. A bilingual, worm with an attached Hungarian political text message box which translates to “We demand that the government accommodates the homeless, tightens up the penal code and VOTES FOR THE DEATH PENALTY to cut down the increasing crime. Jun. 2004, Pécs (SNAF Team)”


Monday, June 22, 2009

Fighting Spam

How prevalent is Spam? According to Scott McAdams, OMA Public Affairs and Communications Department (www.oma.org):

“Studies show unsolicited or “junk” e-mail, known as spam, accounts for roughly half of all e-mail messages received. Although once regarded as little more than a nuisance, the prevalence of spam has increased to the point where many users have begun to express a general lack of confidence in the effectiveness of e-mail transmissions, and increased concern over the spread of computer viruses via unsolicited messages.”

In 2003, President Bush signed the “Can Spam” bill, in December of 2003 which is the first national standards around bulk unsolicited commercial e-mail. The bill, approved by the Senate by a vote of 97 to 0, prohibits senders of unsolicited commercial e-mail from using false return addresses to disguise their identity (spoofing) and the use of dictionaries to generate such mailers. In addition, it prohibits the use of misleading subject lines and requires that emails include and opt-out mechanism. The legislation also prohibits senders from harvesting addresses off Web sites. Violations constitute a misdemeanor crime subject to up to one year in jail.

One major point that needs to be discussed about this: spam is now coming from other countries in ever-greater numbers. These emails are harder to fight, because they come from outside our country’s laws and regulations. Because the Internet opens borders and thinks globally, these laws are fine and good, but do not stop the problem.

So what do you do about this? Her are the top 5 Rules to do to protect from spam.

Number 1: Do what you can to avoid having your email address out on the net.

There are products called “spam spiders” that search the Internet for email addresses to send email to. If you are interested, do a search on “spam spider” and you will be amazed at what you get back. Interestingly, there is a site, WebPoison.org, which is an open source project geared to fight Internet "spambots" and "spam spiders", by giving them bogus HTML web pages, which contain bogus email addresses

A couple suggestions for you: a) use form emails, which can hide addresses or also b) use addresses like sales@company.com instead of your full address to help battle the problem. c) There are also programs that encode your email, like jsGuard, which encodes your email address on web pages so that while spam spiders find it difficult or impossible to read your email address.

Number 2: Get spam blocking software. There are many programs out there for this. (go to www.cloudmark.com or www.mailwasher.net for example). You may also buy a professional version. Whatever you do, get the software. It will save you time. The software is not foolproof, but they really do help. You usually have to do some manual set up to block certain types of email.

Number 3: Use the multiple email address approach.

There are a lot of free email addresses to be had. If you must subscribe to newsletters, then have a “back-up” email address. It would be like giving your sell phone number to your best friends and the business number to everyone else.

Number 4: Attachments from people you don’t know are BAD, BAD, BAD.

A common problem with spam is that they have attachments and attachments can have viruses. Corporations often have filters that don’t let such things pass to you. Personal email is far more “open country” for spamers. General rule of thumb: if you do not know who is sending you something, DO NOT OPEN THE ATTACHMENT. Secondly, look for services that offer filtering. Firewall vendors offer this type of service as well.

Number 5: Email services now have “bulk-mail” baskets. If what you use currently does not support this, think about moving to a new vender. The concept is simple. If you know someone, they can send you emails. If you don’t know them, put them in the bulk email pile and then “choose” to allow them into your circle. Spam Blocking software has this concept as well, but having extra layers seems critical these days, so it is worth looking into.




Get Into the Zone

Malware. An odd sounding word created to lump all malicious software programs, including viruses, worms, trojans, spyware, adware, and other malevolent codes into one cause-your-computer-serious-hurt category.

In 2005, Computer Economics released a report on malware. The good news was that for the first time since 2002, the total worldwide financial losses from malware actually declined to a mere $14.2 billion. The bad news was that the nature of malware was changing from overt threats to more focused, covert attacks. This definitely is not great news for the average computer user just trying to keep up with the hundreds of malware programs that bombard us daily.

It’s not an easy task keeping malware out of your computer system. In order to accomplish this, you need a strong antivirus program. One such program that can deliver the goods is ZoneAlarm Internet Security Suite 6 from Zone Labs. Zone Labs is one of the most trusted brands in Internet Security for good reason. Their product, simply put, kicks serious malware gluteus maximus.

ZoneAlarm has received more review recommendations that any other Internet-security software suite because of its superb firewall and antivirus protection. It blocks pop-up ads, protects against identify theft and provides adequate spam filters that are flexible. It even beats the market leader, Norton Internet Security, which is often criticized for excessive system drag.

Its newest version includes these additional features:

· Triple Defense Firewall to prevent spyware from sending your information across the Internet. It also makes your computer invisible to anyone on the Net.

· Smart Defense Advisor which can automatically adjust your security settings for maximum protection against the latest virus and spyware outbreaks.

· Advanced Identify and Privacy Protection to prevent your personal data from leaving your computer without your approval.

The bonus for the average user who cringes at the idea of setting-up one of these systems is that the interface is easier to understand and use in comparison to most if its competitors. If you choose to venture beyond the out-of-the-box default settings, and install a more elaborate filtering, know that this will require some additional time to set up on your part.

Overall, ZoneAlarm Internet Security Suite is a user-friendly, comprehensive security solution that will have your computer safe from Internet hazards and cyber criminals within minutes of installation.




Heck are Botnets?

"A botnet is comparable to compulsory military service for windows boxes" - Stromberg (http://project.honeynet.org/papers/bots/)

Botnets are networks of computers that hackers have infected and grouped together under their control to propagate viruses, send illegal spam, and carry out attacks that cause web sites to crash.

What makes botnets exceedingly bad is the difficulty in tracing them back to their creators as well as the ever-increasing use of them in extortion schemes. How are they used in extortion schemes? Imagine someone sending you messages to either pay up or see your web site crash. This scenario is starting to replay itself over and over again.

Botnets can consist of thousands of compromised machines. With such a large network, botnets can use Distributed denial-of-service (DDoS) as a method to cause mayhem and chaos. For example a small botnet with only 500 bots can bring corporate web sites to there knees by using the combined bandwidth of all the computers to overwhelm corporate systems and thereby cause the web site to appear offline.

Jeremy Kirk, IDG News Service on January 19, 2006, quotes Kevin Hogan, senior manager for Symantec Security Response, in his article "Botnets shrinking in size, harder to trace", Hogan says "extortion schemes have emerged backed by the muscle of botnets, and hackers are also renting the use of armadas of computers for illegal purposes through advertisements on the Web."

One well-known technique to combat botnets is a honeypot. Honeypots help discover how attackers infiltrate systems. A Honeypot is essentially a set of resources that one intends to be compromised in order to study how the hackers break the system. Unpatched Windows 2000 or XP machines make great honeypots given the ease with which one can take over such systems.

A great site to read up on this topic more is The Honeynet Project (http://project.honeynet.org) which describes its own site's objective as "To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned."


Sunday, June 21, 2009

Trojan



The Trojan can be tricky. Who hasn’t been online and had an advertisement pop up claiming to be able to rid your computer of some nasty virus? Or, even more frightening, you receive an email that claims to be alerting you to a new virus that can threaten your computer. The sender promises to quickly eradicate, or protect, your computer from viruses if you simply download their “free”, attached software into your computer. You may be skeptical but the software looks legitimate and the company sounds reputable. You proceed to take them up on their offer and download the software. In doing so, you have just potentially exposed yourself to a massive headache and your computer to a laundry list of ailments.

When a Trojan is activated, numerous things can happen. Some Trojans are more annoying than malicious. Some of the less annoying Trojans may choose to change your desktop settings or add silly desktop icons. The more serious Trojans can erase or overwrite data on your computer, corrupt files, spread other malware such as viruses, spy on the user of a computer and secretly report data like browsing habits to other people, log keystrokes to steal information such as passwords and credit card numbers, phish for bank account details (which can be used for criminal activities), and even install a backdoor into your computer system so that they can come and go as they please.

To increase your odds of not encountering a Trojan, follow these guidelines.

1. Remain diligent
Trojans can infect your computer through rogue websites, instant messaging, and emails with attachments. Do not download anything into your computer unless you are 100 percent sure of its sender or source.

2. Ensure that your operating system is always up-to-date. If you are running a Microsoft Windows operating system, this is essential.

3. Install reliable anti-virus software. It is also important that you download any updates frequently to catch all new Trojan Horses, viruses, and worms. Be sure that the anti-virus program that you choose can also scan e-mails and files downloaded through the internet.

4. Consider installing a firewall. A firewall is a system that prevents unauthorized use and access to your computer. A firewall is not going to eliminate your computer virus problems, but when used in conjunction with regular operating system updates and reliable anti-virus software, it can provide additional security and protection for your computer.

Nothing can guarantee the security of your computer 100 percent. However, you can continue to improve your computer's security and decrease the possibility of infection by consistently following these guidelines.


Encryption

About Encryption and Making Your System Secure

What does encryption do for me?

Encryption and cryptographic software has been used in many different ways to make systems more secure. This article discusses only a few ways that such software can make your system more secure, including:

1) Encrypting your email

2) Encrypting your files

To programs are mentioned that will help encrypt information. There are many more programs out there that will help, but these programs are good and a good place to start as any. They have the added benefit of both being free with source code available.

Will encryption stop people from accessing my information?

Encryption simply makes it harder for people to gain access to important information, like passwords or sensitive information in a file. The first thing you should know about encryption is that the algorithm that is used to encrypt can be simple or more complex and that affects how securely what you have encrypted is protected. Encryption systems have been broken when the method of encryption is understood by hackers and is easy to break.

Why bother to encrypt my email?

It should be noted that email is far less secure than paper mail for two very good reasons: first, electronic data can be accessed easily over an Internet and secondly, electronic data is really simple to copy. There is a very good chance that someone has snooped around in your email despite your best intentions to stop it.

How do I go about encrypting my email?

There are many programs out there that can help you encrypt your email. A very popular one is PGP (Pretty Good Privacy) or its Gnu offshoot GPG.

PGP (http://www.pgpi.org/) self-describes itself this way: This "is a program that gives your electronic mail something that it otherwise doesn't have: Privacy. It does this by encrypting your mail so that nobody but the intended person can read it. When encrypted, the message looks like a meaningless jumble of random characters. PGP has proven itself quite capable of resisting even the most sophisticated forms of analysis aimed at reading the encrypted text."

Why bother to encrypt my files?

The answer to this boils down to what you store on your computer. If you have financial data with important information like social security numbers, email addresses, account numbers and passwords, then you open yourself up to losing very valuable information. Most corporate Internet security employees will attest to the widespread theft of very valuable information. As long as you are connected to the Internet you are vulnerable.

How do I go about encrypting my files?

AxCrypt File Encryption Software (http://axcrypt.sourceforge.net/) Self-described as "Free Personal Privacy and Security for Windows 98/ME/NT/2K/XP with AES-128 File Encryption, Compression and transparent Decrypt and Open in the original application."