Monday, September 30, 2013

NEW MALWARE OUT ON THE RANGE


AND THEY CALL IT: "FORT DISCO"



A title that wouldn't fit in any of John Wayne's westerns, "Fort Disco" was found roaming around in August by Arbor Networks, who estimated it had infected over 25,000 Windows computers. Those infected PCs are being used to guess administrator passwords on over 6,000 WordPress, Joomla, and DataLife Engine websites, and to attack email and FTP servers the same way, with what is called a "brute-force attack": trying password after password from a list until one works. [SOURCE: IDG NEWS SERVICE].
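If you run one of those WordPress or Joomla sites, the thing you want is a quick way to spot this kind of password guessing in your own web server log. The script below is an added example for this post, not code from Arbor's report or from this blog: it parses Apache "combined" format log lines, collects POSTs to the admin login pages, and flags any source address that sends more than a threshold of them inside a one-minute window. The DataLife Engine admin path (/admin.php) is an assumption, and the log lines are constructed for the demonstration, not real traffic.

```python
import re
from collections import defaultdict
from datetime import datetime

# Login endpoints a brute-forcer hammers. The WordPress and Joomla paths are
# real; /admin.php for DataLife Engine is an assumption for this example.
LOGIN_PATHS = {"/wp-login.php", "/administrator/index.php", "/admin.php"}

# Apache "combined" log format: ip ident user [timestamp] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return the fields we need from one log line, or None if it doesn't parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("path").split("?", 1)[0],   # drop any query string
        "status": int(m.group("status")),
    }


def login_posts_by_ip(lines):
    """Map source IP -> sorted timestamps of its POSTs to a login page."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] in LOGIN_PATHS:
            by_ip[rec["ip"]].append(rec["ts"])
    return {ip: sorted(ts) for ip, ts in by_ip.items()}


def max_in_window(timestamps, window_seconds):
    """Largest number of attempts that fall inside any window_seconds span (two-pointer sweep)."""
    best = j = 0
    for i in range(len(timestamps)):
        while j < len(timestamps) and (timestamps[j] - timestamps[i]).total_seconds() <= window_seconds:
            j += 1
        best = max(best, j - i)
    return best


def find_brute_forcers(lines, threshold=10, window_seconds=60):
    """Return {ip: attempts_in_busiest_window} for IPs at or above the threshold."""
    hits = {}
    for ip, ts in login_posts_by_ip(lines).items():
        n = max_in_window(ts, window_seconds)
        if n >= threshold:
            hits[ip] = n
    return hits


def build_sample_log():
    """Constructed log lines (not real traffic): one guessing bot, one real admin, one visitor."""
    fmt = ('{ip} - - [12/Aug/2013:10:{mm:02d}:{ss:02d} -0500] '
           '"{method} {path} HTTP/1.1" {status} 1234 "-" "Mozilla/5.0"')
    lines = []
    # Bot: 12 failed WordPress logins in 22 seconds. WordPress answers a failed
    # login with 200 (the form again) and a successful one with a 302 redirect.
    for i in range(12):
        lines.append(fmt.format(ip="203.0.113.7", mm=1, ss=2 * i, method="POST",
                                path="/wp-login.php", status=200))
    # Same bot probing the Joomla admin login a minute later.
    lines.append(fmt.format(ip="203.0.113.7", mm=2, ss=5, method="POST",
                            path="/administrator/index.php", status=200))
    # Legitimate administrator: a single successful login.
    lines.append(fmt.format(ip="198.51.100.5", mm=3, ss=0, method="POST",
                            path="/wp-login.php", status=302))
    # Ordinary visitor fetching the front page.
    lines.append(fmt.format(ip="192.0.2.9", mm=3, ss=30, method="GET", path="/", status=200))
    return lines


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    for ip, n in find_brute_forcers(SAMPLE_LOG).items():
        print(f"{ip}: {n} login attempts in one minute")
```

Run it against a real file with `find_brute_forcers(open("/var/log/apache2/access.log"))`; the threshold and window are the knobs to tune, and the hits are what you would feed to a firewall block list.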

You can read their report about "Fort Disco" HERE.

'Nuff Said,
Brian 


Monday, September 23, 2013

MONDAY MORNING REPORT


SOME COUNTRIES HAVE TO HOG ALL THE NEWS




Once again the "SEA" [Syrian Electronic Army] is at it, but not by hacking a newspaper this time. Apparently a new OS X Trojan tied to them was found and is now blocked by Apple's XProtect. It's packaged in typical "Trojan Horse" style, a file that looks harmless, and once opened it runs a script. Good job, XProtect; you can read the full story HERE.

APPLE SINKS "SEA" TROJAN



BUT WAIT...THERE'S MORE!!





YELLOW ALERT

According to a Computerworld article, the "Internet Storm Center" raised its alert status to YELLOW. The group that raided security vendor Bit9 in February is fervently using the Internet Explorer "zero-day exploit" I wrote about on September 18th, putting pressure on Micro-Ballmer to fix the darn thing. In any other business a hole like this going unfixed while it's being exploited would lead to many terminations [ed.- well, Ballmer IS leaving within 12 months...]



The group's campaign has been dubbed Operation "DeputyDog", and the exploit was in use two to three weeks before Microsoft made the public aware of it. Security firm FireEye said of the attackers behind DeputyDog: "These attackers have demonstrated previously-unknown zero-day exploits and a robust set of malware payloads." Read the full article HERE.

'Nuff Said,
Brian

Wednesday, September 18, 2013

ZERO DAY EXPLOIT












Yes, as you've gathered by the big "e", it's zero-day exploit time for all Internet Explorer versions, which includes IE 6, 7, 8, 9, 10, and 11 (and 11 hasn't even shipped yet). Most of the attacks are aimed at the browsers currently in widest use (IE 8 and 9), but could hit a few people using IE Fido (10). What a dog IE 10 is, but I don't want to go down that path right now...

There's no way to know which sites are safe to browse, so I'd suggest using the latest version of Firefox for now. This information came via an email alert as well as the article which you will find HERE.

'Nuff Said, Brian



Sunday, September 8, 2013

WHAT ARE "PUP" AND "PUM" FILES?

I SEE A TON OF THESE ON VIRUS SCANS




Are these good, bad, or ugly? Let's look at PUP first. PUP can stand for "Potentially Unwanted Program" or, in the realm of the Sony PlayStation, "PlayStation Update Package".

We can discount the PlayStation meaning when doing virus scans on a computer, but when these pop up in a scan it can be difficult to determine what their purpose is. On a PC a "PUP" is usually adware, a toolbar, or spyware that rode along with something you did want; the scanner knows it's unwanted but not how harmful it is. Because anti-virus programs can't determine whether it's good, bad, or ugly I usually select "CHECK ALL" to remove them.

PUM

PUMs are typically more dangerous. The letters stand for "Potentially Unwanted Modification": a change to a system setting, usually one that redirects your browser to another website. That site may look nothing like where you wanted to go, or it may look exactly like it, and when you put in your login name and password the bad guys have it.

This is usually done via a "proxy" or a hijacked name lookup, which can be accomplished through several methods:
  • In Internet Explorer there is a proxy section [under Internet Options > Connections > LAN settings] which can be switched on with a specific IP address, so all of your browsing goes through that machine first.
  • In the HOSTS file the hacker can put various website names like Amazon, Chase, Walmart, Target, etc., each pointing to the same IP address, directing you to their fake server.
  • The registry can be changed as well. The IE proxy settings live in the ProxyEnable and ProxyServer values under this key:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
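Rather than eyeballing the HOSTS file and the registry by hand, you can check both of the hijack spots above with a short script. This is an added example for this post, not Malwarebytes' logic or anything from the original page. It parses a HOSTS file, flags any non-loopback address that a well-known site (or more than one distinct site) is mapped to, and on Windows reads the ProxyEnable, ProxyServer and AutoConfigURL values from the registry key named above. The list of watched sites and the sample HOSTS content are constructed for the example.

```python
import ipaddress
from collections import defaultdict

HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"
PROXY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"

# Sites a hijacker is likely to impersonate (the post's examples plus PayPal); extend as you like.
WATCHED = {"amazon.com", "chase.com", "walmart.com", "target.com", "paypal.com"}

# Addresses that are harmless in a HOSTS file: loopback and the "black hole" 0.0.0.0 ad-blockers use.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128", "0.0.0.0/32", "::/128")]


def parse_hosts(text):
    """Turn HOSTS file text into (ip, hostname) pairs, ignoring comments and junk lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not an address; skip the line
        for name in parts[1:]:
            entries.append((ip, name.lower()))
    return entries


def is_local(ip):
    return any(ip in net for net in LOCAL_NETS)


def registrable(name):
    """Crude 'site' name: the last two labels, so www.chase.com and chase.com count as one site."""
    labels = name.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else name


def suspicious_hosts(entries):
    """Return {ip: [names]} for non-local IPs that a watched site, or several
    different sites, have been pointed at. Many sites -> one IP is the hijack pattern."""
    by_ip = defaultdict(list)
    for ip, name in entries:
        if not is_local(ip):
            by_ip[ip].append(name)
    flagged = {}
    for ip, names in by_ip.items():
        sites = {registrable(n) for n in names}
        if sites & WATCHED or len(sites) > 1:
            flagged[str(ip)] = sorted(names)
    return flagged


def audit_hosts(path=HOSTS_PATH):
    with open(path, encoding="utf-8", errors="replace") as fh:
        return suspicious_hosts(parse_hosts(fh.read()))


def proxy_settings():
    """Read the IE/WinINET proxy values from HKCU. Returns None when not on Windows."""
    try:
        import winreg
    except ImportError:
        return None
    out = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, PROXY_KEY) as key:
        for value in ("ProxyEnable", "ProxyServer", "AutoConfigURL"):
            try:
                out[value] = winreg.QueryValueEx(key, value)[0]
            except FileNotFoundError:
                out[value] = None  # value not present: nothing configured
    return out


# Constructed HOSTS file showing the pattern: four shopping/banking sites all sent to one server.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.0.2.50      www.amazon.com amazon.com
192.0.2.50      www.chase.com
192.0.2.50      www.walmart.com target.com
10.0.0.20       printer.home   # a legitimate LAN entry
"""

if __name__ == "__main__":
    print("hosts:", suspicious_hosts(parse_hosts(SAMPLE_HOSTS)))
    print("proxy:", proxy_settings())
```

A ProxyEnable of 1 with a ProxyServer you never set, or an AutoConfigURL pointing at a server you don't recognise, is the registry side of the same hijack; clear them and then rescan.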
In any case, if you're scanning your PC with Malwarebytes and when it ends you see "203 threats found", don't have a heart attack; they will most likely be PUPs and PUMs. There may be one that has been check-marked because Malwarebytes could determine it was bad, with all the others left unchecked, but my advice is to right-click on a check-box and select "Check all", then let the program delete them.

In the case of Malwarebytes it will ask you to restart right away. I would select NO, then go to My Computer, right-click on it, select Properties, and disable System Restore (the existing restore points may now be infected), and THEN restart your computer. Once it's up and running go back and turn System Restore back on, go back to Malwarebytes, run another update, then select a FULL scan [ed.- just to be sure].

'Nuff Said,
Brian

Friday, September 6, 2013

HELL JUST FROZE OVER


I NEVER THOUGHT I'D SEE THE DAY, BUT...





For at least 10 years there has been a documented "BUG" / "SECURITY HOLE" in Microsoft Outlook's preview pane. Most people like having the preview pane ON because as they click on each message they can see if it's worth opening, but what I have told my customers throughout the years is that if you use the preview pane it's just like opening the email.

What does that mean? It means that if there is malicious HTML or an embedded object hidden in the message, just by rendering it in the pane you are activating it as if you had opened the message yourself, and your computer can be infected. As each version of Outlook came out many of us hoped that the hole would be patched, but it was not to be.

Well, next week, on Patch Tuesday, Microsoft is finally releasing a patch that will, according to them, close the hole. It's time to celebrate!

'Nuff Said,
Brian

Monday, September 2, 2013

SETTING UP YOUR HOME WIRELESS NETWORK PT.2


WIRELESS NETWORKING 101 - PART 2







Let's refresh both of our memories! You are either setting up your first wireless network or replacing the old one that died, and if it's the old one that died it probably looks like the one pictured below:

A very good wireless router for its time, but like everything, there is change. If you've never set up a wireless router before you may want to use the CD that came with it and choose the "Wireless Wizard", which will get you "ON-THE-AIR" relatively fast.

If you're a brave soul, you can try to configure it without the CD, using its IP address and your browser. This isn't such a bad idea; sure, you'll make mistakes and probably reset the router to its out-of-the-box settings a few times, but by doing it you'll learn a little more about how it works.

If you're the person who doesn't have the time, or doesn't even care how it works, you'll call someone in like SugarLandpc to do it all for you. No fuss, no muss.

And you could always use the setup CD and then go into the wireless router to see how it's configured. Not all, but some routers have the option to make a backup of their configuration, and if yours does I would suggest doing so.

Just remember:
  • First of all, you don't want your router sitting on top of the modem. The heat vents on the modem are often on top, so it's slowly baking your router.
  • You want WPS disabled. The WPS PIN can be guessed in a matter of hours, and whoever guesses it gets your Wi-Fi password handed to them, however strong it is.
  • Change the SSID (the network name) of the router to something else, and not your name or the router's model.
  • You should have security set up on the router, and WPA2 is the one to pick (WEP and the original WPA can both be cracked). You'll have to check all of your wireless equipment to make sure it will work with the setting you've chosen. Sometimes older laptops won't connect because the security type you chose didn't exist when the laptop was made, and I've run into new devices that wouldn't work unless I set the router to the oldest security setting.
  • The Wi-Fi password should be difficult, yet fairly easy to remember, or at the least written down in your notepad of passwords. A simple name won't do, because if someone was intent on getting onto your Wi-Fi they would run a brute-force dictionary attack, and if the word is in the dictionary it will eventually be found.
  • As I said in Part 1, a password doesn't have to be one word; it can be a sentence or phrase. I believe my example was: itrainsinspain. You could leave it at that or substitute a "1" for each "i", so it would be 1tra1ns1nspa1n, or use the original and add a "!" somewhere in the password (beginning, middle, end, etc.).
  • Once it's set up, try all of your wireless devices to make sure they'll work. If one or two don't, you may have to try an older security setting.
  • Also, once set up, walk around your house to see if you have any dead spots or very weak signal. If so, you may have to move the router to a different position, or at least a higher one. Many times I've walked into a residence to find the wireless router sitting next to the modem, on the floor.
  • Once you are satisfied that you've done the best you can, change the admin password that guards access to your router's configuration. If someone can figure out what router you have, it's not hard to Google the default admin login and password.
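To see what the "dictionary attack" in the list above actually does to a Wi-Fi password, here is an added example (not code from this blog, and not a cracking tool's code): it derives the WPA2 key the way the router does, PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt and 4096 rounds, then tries every word in a list together with the standard "mangling" rules crackers apply to each word: capitalising it, swapping letters for digits (i to 1, e to 3, a to 4, o to 0, s to 5), and tacking a "!" on the front or end. The point it makes is a caveat to the substitution trick: 1tra1ns1nspa1n and itrainsinspain! fall exactly as fast as itrainsinspain, because those are the first rules any cracker tries; a longer phrase that isn't in any list is what survives. The SSID and the tiny word list are constructed for the example.

```python
import hashlib


def wpa2_psk(passphrase, ssid):
    """WPA2-Personal's pairwise master key: PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 rounds, 32 bytes).
    This is the value the router and your laptop both compute from the password."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


# The usual letter-to-digit swaps people think make a password clever.
LEET = {"i": "1", "e": "3", "a": "4", "o": "0", "s": "5"}


def mangle(word):
    """Yield the candidates a cracker's rule set derives from one dictionary word."""
    base = {word, word.capitalize()}
    base.add("".join(LEET.get(c, c) for c in word))      # swap every letter at once
    for letter, digit in LEET.items():                     # or just one letter at a time
        base.add(word.replace(letter, digit))
    for candidate in sorted(base):
        yield candidate
        yield candidate + "!"
        yield "!" + candidate


def dictionary_attack(target_psk, ssid, wordlist):
    """Return the passphrase that produces target_psk, or None if no rule hits.
    A real attacker gets target_psk indirectly from a captured WPA2 handshake."""
    for word in wordlist:
        for candidate in mangle(word):
            if wpa2_psk(candidate, ssid) == target_psk:
                return candidate
    return None


# Constructed stand-in for a real wordlist (those run to millions of entries).
WORDLIST = ["password", "letmein", "itrainsinspain", "sunshine"]
SSID = "linksys"  # assumed network name; it is the salt, so a default SSID helps the attacker

if __name__ == "__main__":
    for pw in ["1tra1ns1nspa1n", "itrainsinspain!", "the rain in spain falls mainly on the plain"]:
        found = dictionary_attack(wpa2_psk(pw, SSID), SSID, WORDLIST)
        print(f"{pw!r}: {'cracked' if found else 'survived'}")
```

Because the SSID is the salt, leaving the router's default name in place lets attackers reuse precomputed tables for that SSID, which is one more reason the "change the SSID" item above matters.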
I suppose one last thing should be mentioned. Just because you've bought the latest, fastest, most powerful wireless router available, it will only deliver those speeds to wireless equipment that can take advantage of them; otherwise you'll probably get the same signal you got with your old router. And if you suddenly lose all Internet access, what should you do? That's right: call your Internet provider to see if there is an outage in your area. And I always recommend that you purchase a UPS (uninterruptible power supply) with an AVR (automatic voltage regulation) circuit in it. This helps prevent an untimely modem or router death.

'Nuff Said,
Brian 

Sunday, September 1, 2013

TROJAN + CRAIGSLIST = TROUBLE


HOT OFF THE PRESS!!







Apparently a Trojan Horse is working its way through Craigslist, infecting unsuspecting users with a fake "free" software program.
Solera's Director of Threat Research, Andrew Brandt, said: "Anytime a computer is infected with malware, the box is owned by someone else and they can use it to do all kinds of different things."

YE OLD TROJAN HORSE


The viewer sees a link to a fake program called "Adobe Photo Loader". Once the link is clicked, the malware makes the computer part of a botnet, and that PC then posts links to another program which, if clicked on, infects the user's phone so that all of their activity can be monitored or recorded by the people behind this. So please be careful about what you click on.

'Nuff Said,
Brian