January 28, 2010

Internet: Understanding the Hidden Threats of Botnets

from U.S. CERT

What are rootkits and botnets?
A rootkit is a piece of software that can be installed and hidden on your computer without your knowledge. It may be included in a larger software package or installed by an attacker who has been able to take advantage of a vulnerability on your computer or has convinced you to download it (see Avoiding Social Engineering and Phishing Attacks for more information). Rootkits are not necessarily malicious, but they may hide malicious activities. Attackers may be able to access information, monitor your actions, modify programs, or perform other functions on your computer without being detected.

Botnet is a term derived from the idea of bot networks. In its most basic form, a bot is simply an automated computer program, or robot. In the context of botnets, bots refer to computers that are able to be controlled by one, or many, outside sources. An attacker usually gains control by infecting the computers with a virus or other malicious code that gives the attacker access. Your computer may be part of a botnet even though it appears to be operating normally. Botnets are often used to conduct a range of activities, from distributing spam and viruses to conducting denial-of-service attacks (see Understanding Denial-of-Service Attacks for more information).

Why are they considered threats?
The main problem with both rootkits and botnets is that they are hidden. Although botnets are not hidden the same way rootkits are, they may be undetected unless you are specifically looking for certain activity. If a rootkit has been installed, you may not be aware that your computer has been compromised, and traditional anti-virus software may not be able to detect the malicious programs. Attackers are also creating more sophisticated programs that update themselves so that they are even harder to detect.

Attackers can use rootkits and botnets to access and modify personal information, attack other computers, and commit other crimes, all while remaining undetected. By using multiple computers, attackers increase the range and impact of their crimes. Because each computer in a botnet can be programmed to execute the same command, an attacker can have each of them scanning multiple computers for vulnerabilities, monitoring online activity, or collecting the information entered in online forms.

What can you do to protect yourself?
If you practice good security habits, you may reduce the risk that your computer will be compromised:

Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses, so you may be able to detect and remove the virus before it can do any damage (see Understanding Anti-Virus Software for more information). Because attackers are continually writing new viruses, it is important to keep your definitions up to date. Some anti-virus vendors also offer anti-rootkit software.

Install a firewall – Firewalls may be able to prevent some types of infection by blocking malicious traffic before it can enter your computer and limiting the traffic you send (see Understanding Firewalls for more information). Some operating systems actually include a firewall, but you need to make sure it is enabled.

Use good passwords – Select passwords that will be difficult for attackers to guess, and use different passwords for different programs and devices (see Choosing and Protecting Passwords for more information). Do not choose options that allow your computer to remember your passwords.

Keep software up to date – Install software patches so that attackers can’t take advantage of known problems or vulnerabilities (see Understanding Patches for more information). Many operating systems offer automatic updates. If this option is available, you should enable it.

Follow good security practices – Take appropriate precautions when using email and web browsers to reduce the risk that your actions will trigger an infection (see other US-CERT security tips for more information).

Unfortunately, if there is a rootkit on your computer or an attacker is using your computer in a botnet, you may not know it. Even if you do discover that you are a victim, it is difficult for the average user to effectively recover. The attacker may have modified files on your computer, so simply removing the malicious files may not solve the problem, and you may not be able to safely trust a prior version of a file. If you believe that you are a victim, consider contacting a trained system administrator.

As an alternative, some vendors are developing products and tools that may remove a rootkit from your computer. If the software cannot locate and remove the infection, you may need to reinstall your operating system, usually with a system restore disk that is often supplied with a new computer. Note that reinstalling or restoring the operating system typically erases all of your files and any additional software that you have installed on your computer. Also, the infection may be located at such a deep level that it cannot be removed by simply reinstalling or restoring the operating system.

January 18, 2010

Google Looking Into Inside Attack

Filed under: Uncategorized @ 7:35 pm

Google is investigating whether employees helped orchestrate a cyber attack on their network in December. They made an announcement last week that they were considering pulling out of China because of the attack and theft of their intellectual property.

“We’re not commenting on rumor and speculation. This is an ongoing investigation, and we simply cannot comment on the details,” said Google about the attack. As for pulling out of China, Google said, “We are going to have talks with them in the coming few days.”

December 30, 2009

Guide To Cracking Cell Phones Posted On Web

Filed under: Uncategorized @ 5:08 pm

Karsten Nohl, a German security expert, has posted the way to crack GSM encryption. The encryption method is used to protect most of the world’s mobile phones. Karsten said he posted the information to force companies to improve their security. “The goal is better security.”

Are your calls secure?

December 27, 2009

CDC Phishing Scam

Fraudulent emails referencing Centers For Disease Control (CDC) sponsored State Vaccination Program

CDC has received reports of fraudulent emails (phishing) referencing a CDC sponsored State Vaccination Program.

The messages ask users to create a personal H1N1 (swine flu) Vaccination Profile on the cdc.gov website. The message then states that anyone who has reached the age of 18 has to have his/her personal Vaccination Profile on the cdc.gov site.

The CDC has NOT implemented a state vaccination program requiring registration on www.cdc.gov. Users that click on the email are at risk of having malicious code installed on their system. CDC reminds users to take the following steps to reduce the risk of being a victim of a phishing attack:

* Do not follow unsolicited links and do not open or respond to unsolicited email messages.
* Use caution when visiting un-trusted websites.
* Use caution when entering personal information online.

An example of the Phishing email follows:

More information on hoaxes, rumors, and urban legends may be found at the Snopes.com Web site at: http://www.snopes.com/.

December 23, 2009

FBI Investigating CitiBank Cyber Heist

Filed under: Uncategorized @ 3:35 pm

The Wall Street Journal reports that the FBI is investigating the computer hacker attack that resulted in the theft of tens of millions of dollars. CitiBank is strongly denying the allegations.

CitiBank said, “any allegation that the FBI is working on a case at Citigroup involving a breach of Citi systems resulting in tens of millions of dollars of losses is false. There has been no breach and there have been no associated losses.”

“Ninety-eight percent of bank heists are now occurring virtually and not in the real world,” said Tom Kellermann, a former senior member of the World Bank’s Treasury security team. The banks are “hemorrhaging funds” as a result.

The Wall Street Journal’s anonymous sources say that a Russian cyber gang hacked the systems.

Because so many personal computers have been compromised and taken over as “zombie” computers, it has become much more difficult to determine the true origin of cyber attacks.

December 22, 2009

Introducing the New Cybersecurity Coordinator

The White House announced the President’s new White House Cybersecurity Coordinator, Howard Schmidt.

With some forty years of experience in government, business and law enforcement, Howard brings a unique and deep experience to this important issue. Cybersecurity matters to all of us – and it’s our shared responsibility to mitigate the threats in this space. You can take cybersecurity into your own hands with these tips for protecting yourself online:

* Keep your security software and operating system up-to-date. At a minimum, your computer should have current anti-virus and anti-spyware software and a firewall to protect yourself from hackers and malicious software that can steal sensitive personal information. Hackers also take advantage of Web browsers and operating system software that do not have the latest security updates. Operating system companies issue security patches for flaws that they find in their systems, so it is important to set your operating system and web browser software to download and install security patches automatically.
* Protect your personal information online. Millions of people become victims of identity theft each year. One way that cyber criminals convince computer users to divulge their confidential personal information is through fake “phishing” emails, which are often cleverly disguised to look like authentic emails. Be wary of clicking on links in emails that are unfamiliar and be very cautious about providing personal information online, such as your password, financial information, or social security number.
* Know who you are dealing with. It is remarkably simple for online scammers to impersonate a legitimate business, so you need to know who you are dealing with. If you are thinking about shopping on an unfamiliar website, do some independent research before you buy. Similarly, before you download software, be sure that the software developer is trustworthy. Cyber criminals will often embed the capability to steal passwords and files into free software.
* Learn what to do if something goes wrong. If your computer gets hacked, the effects may be obvious (e.g., deleted or corrupted files), or they may be subtle (e.g., slow computing performance). As a first step, you should scan your computer with updated anti-virus software. You may wish to get professional assistance through your computer’s manufacturer, computer retail store, or local computer technician. You can also alert the appropriate authorities by contacting your Internet Service Provider or the Internet Crime Complaint Center. The Federal Trade Commission (FTC) can assist if you are subject to identity theft. You can also forward spam or phishing emails to the FTC at spam@uce.gov.

Here’s the full text of the announcement email sent to the White House email list by John Brennan, Assistant to the President for Homeland Security and Counterterrorism:

Dear Friend,

Cybersecurity matters to all of us. Protecting the internet is critical to our national security, public safety and our personal privacy and civil liberties. It’s also vital to President Obama’s efforts to strengthen our country, from the modernization of our health care system to the high-tech job creation central to our economic recovery.

The very email you are reading underscores our dependence on information technologies in this digital age, which is why it seemed like a fitting way to announce that the President has chosen Howard Schmidt to be the White House Cybersecurity Coordinator. Howard will have the important responsibility of orchestrating the many important cybersecurity activities across the government.

Howard is one of the world’s leading authorities on computer security, with some 40 years of experience in government, business and law enforcement. Learn more about Howard’s background and approach to cybersecurity.

Howard will have regular access to the President and serve as a key member of his National Security Staff. He will also work closely with his economic team to ensure that our cybersecurity efforts keep the Nation secure and prosperous.

Moving forward we will use WhiteHouse.gov, this email program and our other communications tools to keep you posted about our progress in this important area.


John O. Brennan
Assistant to the President for Homeland Security and Counterterrorism

P.S. You can play an important role in cybersecurity as well. Learn more about the issue and steps you can take to ensure your own security.

December 19, 2009

Facebook Is About Sharing Information With Others

Filed under: Uncategorized @ 3:05 pm

FaceBook.com says, “Facebook is about sharing information with others.” Over the past several weeks, Facebook has forced users to upgrade their privacy settings. Make sure you know how much information you are making public.

How We Share Information

Facebook is about sharing information with others — friends and people in your networks — while providing you with privacy settings that you can use to restrict other users from accessing your information. We share your information with third parties when we believe the sharing is permitted by you, reasonably necessary to offer our services, or when legally required to do so. For example:

When you make a payment. When you enter into transactions with others or make payments on Facebook, we will only share transaction information with those third parties necessary to complete the transaction and will require those third parties to agree to respect the privacy of your information.

When you invite a friend to join. When you ask us to invite a friend to join Facebook, we will send your friend a message on your behalf using your name. We may also send up to two reminders to them in your name. If your friend does not want us to keep their information, we will remove it at their request on this help page.

When you choose to share your information with marketers. You may choose to share information with marketers or electronic commerce providers that are not associated with Facebook through on-site offers. This is entirely at your discretion and we will not provide your information to these marketers without your consent.

To help your friends find you. By default, we make certain information you have posted to your profile available in search results on Facebook to help your friends find you. However, you can control who has access to this information, as well as who can find you in searches, through your privacy settings. We also partner with email and instant messaging providers to help their users identify which of their contacts are Facebook users, so that we can promote Facebook to those users.

To give search engines access to publicly available information. We generally limit search engines’ access to our site. We may allow them to access information set to the “everyone” setting and your public search listing (but you can turn off your public search listing in your privacy settings).

To help improve or promote our service. Sometimes we share aggregated information with third parties to help improve or promote our service. But we only do so in such a way that no individual user can be identified or linked to any specific action or information.

To provide you with services. We may provide information to service providers that help us bring you the services we offer. For example, we may use third parties to help host our website, send out email updates about Facebook, remove repetitive information from our user lists, process payments, or provide search results or links (including sponsored links). These service providers may have access to your personal information for use for a limited time, but when this occurs we implement reasonable contractual and technical protections to limit their use of that information to helping us provide the service.

To advertise our services. We may ask advertisers outside of Facebook to display ads promoting our services. We may ask them to deliver those ads based on the presence of a cookie, but in doing so will not share any other information with the advertiser.

To offer joint services. We may provide services jointly with other companies, such as the classifieds service in the Facebook Marketplace. If you use these services, we may share your information to facilitate that service. However, we will identify the partner and present the joint service provider’s privacy policy to you before you use that service.

To respond to legal requests and prevent harm. We may disclose information pursuant to subpoenas, court orders, or other requests (including criminal and civil matters) if we have a good faith belief that the response is required by law. This may include respecting requests from jurisdictions outside of the United States where we have a good faith belief that the response is required by law under the local laws in that jurisdiction, apply to users from that jurisdiction, and are consistent with generally accepted international standards. We may also share information when we have a good faith belief it is necessary to prevent fraud or other illegal activity, to prevent imminent bodily harm, or to protect ourselves and you from people violating our Statement of Rights and Responsibilities. This may include sharing information with other companies, lawyers, courts or other government entities.

Facebook Beacon. [We have announced a settlement of a lawsuit related to the Beacon product: the Beacon product will be discontinued and this language removed from the privacy policy upon approval of a settlement by the court.] Facebook Beacon is a means of sharing actions you have taken on third party sites, such as when you make a purchase or post a review, with your friends on Facebook. In order to provide you as a Facebook user with clear disclosure of the activity information being collected on third party sites and potentially shared with your friends on Facebook, we collect certain information from that site and present it to you after you have completed an action on that site. You have the choice to have us discard that information, or to share it with your friends. To learn more about the operation of the service, we encourage you to read the tutorial here. To opt out of the service altogether, click here. Like many other websites that interact with third party sites, we may receive some information even if you are logged out from Facebook, or that pertains to non-Facebook users, from those sites in conjunction with the technical operation of the system. In cases where we receive information from Beacon sites on users that are not logged in, or on non-Facebook users, we do not attempt to associate it with individual Facebook accounts and will discard it.

Transfer in the Event of Sale or Change of Control. If the ownership of all or substantially all of our business changes, we may transfer your information to the new owner so that the service can continue to operate. In such a case, your information would remain subject to the promises made in any pre-existing Privacy Policy.

December 18, 2009

“Is it really your photo?” Phishing Scam

Be aware of an email phishing scam that appears like this:

Subject: Re: your photo
Is it really your photo?

The link contains the recipient’s email address in the URL. By clicking on the link, you confirm to the fraudsters that your email address is valid, and they start gathering other personal information.
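A mail filter can flag this pattern before anyone clicks. The following is an added example, not part of the original post: it scans a message body for links that carry the recipient's own address, and goes beyond the plain case described above to also catch percent-encoded, base64 and hashed forms. The function names, sample message and hosts are constructed for illustration.

```python
import base64
import hashlib
import re
from urllib.parse import unquote, urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{8,}")  # candidate opaque identifiers


def _b64url_decode(token):
    """Decode a base64/base64url token to text; return '' if it is not valid."""
    try:
        padded = token + "=" * (-len(token) % 4)
        return base64.urlsafe_b64decode(padded).decode("utf-8", "ignore")
    except ValueError:  # binascii.Error is a ValueError subclass
        return ""


def find_recipient_tagged_links(body, recipient):
    """Return (url, how) pairs for links in body that carry recipient's address."""
    rcpt = recipient.strip().lower()
    digests = {getattr(hashlib, name)(rcpt.encode()).hexdigest(): name
               for name in ("md5", "sha1", "sha256")}
    findings = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;)")  # drop sentence punctuation glued to the link
        parts = urlsplit(url)
        # Everything after the host can carry a per-recipient identifier.
        tail = " ".join((parts.path, parts.query, parts.fragment))
        decoded = unquote(tail)
        how = None
        if rcpt in tail.lower():
            how = "plain"
        elif rcpt in decoded.lower():
            how = "percent-encoded"
        else:
            for token in TOKEN_RE.findall(decoded):
                if token.lower() in digests:
                    how = digests[token.lower()]
                elif rcpt in _b64url_decode(token).lower():
                    how = "base64"
                if how:
                    break
        if how:
            findings.append((url, how))
    return findings


# Constructed sample message (not a real phishing email); hosts are placeholders.
RCPT = "alice@example.org"
_B64 = base64.urlsafe_b64encode(RCPT.encode()).decode().rstrip("=")
_SHA = hashlib.sha256(RCPT.encode()).hexdigest()
SAMPLE_BODY = f"""Subject: Re: your photo
Is it really your photo?
http://photos.example.test/view.php?email={RCPT}
http://photos.example.test/v?e=alice%40example.org
http://photos.example.test/p/{_B64}
http://photos.example.test/i?h={_SHA}.
http://news.example.net/weekly/2009-12-18?ref=newsletter
"""

if __name__ == "__main__":
    for url, how in find_recipient_tagged_links(SAMPLE_BODY, RCPT):
        print(f"{how:16} {url}")
```

An opaque per-recipient token that is only meaningful to the sender's database cannot be recognized this way, so a clean result does not prove a link is untracked.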

December 17, 2009

FBI Releases Warning About Scareware

Filed under: Uncategorized @ 3:34 pm

The Federal Bureau of Investigation (FBI) has released a warning to alert users about an ongoing threat involving pop-up security messages that appear on the Internet. These pop-up messages may contain seemingly legitimate antivirus software. Users who click on these pop-up messages to purchase and install the bogus software may become infected with malicious code or become victims of a phishing attack.

US-CERT encourages users and administrators to do the following to help mitigate the risks:
* Review the FBI Press Release titled Pop-Up Security Warnings Pose Threats.
* Install antivirus software, and keep the signature files up to date.
* Use caution when entering personal and financial information online.
* Install software applications from only trusted sources.

December 13, 2009

Facebook: Judges And Lawyers Unfriend

Filed under: Uncategorized @ 3:35 pm

Florida state’s Judicial Ethics Advisory Committee has ruled that judges and lawyers should unfriend.

“Although Facebook has been used as an example in this opinion, the holding of the opinion would apply to any social networking site which requires the member of the site to approve the listing of a ‘friend’ or contact on the member’s site.”

“We as judges can still be good judges and still have friends. Part of our job is to not let that friendship interfere in any way with our decisions. But, others in the public who see judges listing a lawyer as a friend on facebook, they may think that because they are your friend, they will be treated differently.”
