Archive for August, 2011

 

The new rules to protect your PC from malware

 
 
 
 
 
The worst defence is thinking you’re protected because you have an antivirus you paid good money for
Unless you’re using Windows 98 or a i486 system with no internet connection you will be at risk of malware infections even with your well known brand antivirus and  spyware scanners, because modern malware can turn off or damage your AV scanner and avoid detection using sophisticated methods such as CD Emulation Technology. A  malware rogue that first emerged in 2009 recently shutdown the website of the London Stock Exchange. This type of rogue application silently injects malicious code from infected ads on legitimate websites. Staying safe online needs a rethink of the battle plan. It’s no longer about just one thing, like a good antivirus.

 

How does malware get on my computer?

Sometimes malware and rogue programs are unknowingly downloaded when searching online for help with a slow computer, or free virus scanners. This is what people do a lot. Malware that silently injects code onto a system when visiting a legitimate website that has been compromised through its advertising network is difficult to detect. Other infection or attack vectors include Facebook, clicking on bad links in chat programs such as MSN Messenger and Live Messenger, and clicking on infected attachments or links to phishing sites. An example of a phishing link is the spoofed seek.com email. Clicking on the link in the spoofed email leads to a phishing scam website that looks remarkably like the real thing. It’s hard to spot the difference.

One way to spot the difference is to upgrade your browser to the latest version for your operating system, and upgrade to Internet explorer 9 for suitable systems. In the address field of the URL the domain is highlighted and the remainder is greyed out. If you seen jobs.seek.com for example it is likely to be a scam because the seek domain is seek.com, not jobs.seek.com.

But some phishing emails look perfectly like the real thing. How can you tell if the email is spoofed? It’s not that hard. You can read the header of the email by right clicking on the unopened email in the Outlook 2007 window and choosing message options. Here you can see the sender domain after the @ symbol and the reply to address.
In Outlook 2010 you can enable message options to the QAT by following these simple instructions over at slipstick.com

Steps to Securing your System
You cannot run a computer without a good antivirus and malware scanner, in spite of some malware being able to shut down either of these types of defences. Malware and spyware are also often downloaded by a dropper using a Trojan to deliver the payload so AV and malware level protection is an essential, but not front line defence – anymore.

Advanced level steps:
1. Ensure your operating system is up to date. Malware will exploit vulnerabilities in the system and many critical updates in Windows are security related patches. In Windows 7 and Vista type “update” into the search (start) field and choose Windows updates. In WinXP you can find the updates website in the left pane of the control panel. Updates should be set to automatic but it doesn’t hurt to go through the steps above to check if your system is current. If you have pirated software you are at a high risk of infestation.
2. Java and the Flash Player are on most computers so it’s not surprising they are targeted by cyber-criminals. Rogue /scareware programs capable of injecting code from a website  commonly uses the CVE/Java Exploit.  To check if you have the latest Java version visit the Java test centre at Sun Microsystems.
3. On badly infected systems we sometimes find more than one malware/spyware scanner – in some cases competing with each other. We recommend ESET Antivirus and Malwarebytes which work together well. ESET is from Slovakia with an office in Brisbane and is the preferred antivirus shipped with new Intel 2nd generation motherboards.
4. The most common rogue infection is referred to as scareware (figure 1) because it wants you to believe that list of infections it’s showing you are really on your PC. Of course they are not, but it will attempt to defraud your credit card. Each time you click the red X to close the window it will install another instance of itself. This (type) of program is also known to install rootkits and keyloggers which are difficult to detect. If the malware program appears to have been removed by your AV program it may have installed its keylogger payload.
5. The Rapport web browser plugin from Trusteer.com is a highly regarded anti-keylogger tool used by many major banks in the US and Europe. The standalone version is free. Install this into your browser and click to protect specific websites such as your bank.
6. Recently we have seen a browser re-direct that is installed not in the PC, but in the router. Each request in Google search redirected to an unrelated website. The reason the bug was able to install into the router was because it had a default password. When setting router passwords or any password the usual advice is to use complex and difficult passwords. The downside to that is they are impossible to remember. The most common ways to find someone else’s password is to (a) guess (b) use brute force attacks (c) common words (guessing again). Using any of these methods involves a hacker using a script such as a dictionary script. A password like PASSWORD or FIDO3 will take between 3 minutes and hour to guess using an automated script which can be downloaded free on the web. Let’s look at a password example of gehdfa7. A brute force attack running an automated script with 100 passes per second will eventually be hacked (guessed) by the script in some short theoretical time frame (<12mths). If you create a mix of capitals such as gEhdFa7 it would be more likely to take >100 years with an automated script at 100 passes per second. But who’s going to remember gobbledegook? If you use a three word phrase like this “just in time” (with spaces or underscore) it will take in excess of thousand years to brute force hack. And bonus! You will always remember it. The places where passwords are most important is websites you visit such as ebay, banks etc.
7. The password on your computer is less important than websites because the likelihood of your PC getting hacked behind the NAT firewall on most modern routers with a password is remote. Why would your PC be worth the effort of a serious hacker anyway? But using your full name JAMES BLUNT as your login name will be recorded (a) when you upload a photo on some for sale website (b) In the meta data of a Word document. The person who terrorised a young girl in Sydney recently with the collar-bomb hung a lanyard around the girls neck with a USB thumb drive attached that had the ransom note and instructions on it. There was just the one document but data forensics found traces of deleted files including the meta data of an early word document which showed the user logged in at the time as Peter.P. The suspect in the case is Paul Peters. Word documents also contain a history of changes.

8. Using an open DNS server network helps to protect you from phishing sites and infected websites matched in the DNS databases by contributed to by over 20 million users of OpenDNS. OpenDNS is a service which also allows you to block access to Facebook and IM programs during working hours! Or at home. You can block access to naughty content at the router level which will affect all PC’s on the network. The free OpenDNS will often have a side effect of speeding up internet browsing. The VIPRE antivirus from Sunbelt Software uses a similar paid version of a DNS service called Clear Cloud to protect against infected sites and is a similarly very effective tool.
9. Be careful of other people’s USB drives. Beware the sales rep, or even the IT guy fixing your computer who inserts and opens a USB drive on your PC without a password. They could be transferring a virus, or silently installing a keylogger.
10. A lot of criminal-ware takes advantage of common download searches such as registry cleaners, system optimizers, and free antivirus scanners. Be careful what you wish for!

Call us for onsite mobile virus malware removal

© Copyright 2010. Wired Office Computers Perth WA.