Monthly Archives: January 2011

Alert for Internet Explorer Users

There is a newly discovered vulnerability that affects Internet Explorer on all versions of Windows. If exploited, it could allow an attacker to make a victim run malicious scripts when visiting various websites, resulting in information disclosure.

This is a vulnerability that Microsoft will have to develop a patch for, but in the meantime there is a temporary holding action that can be taken. If you use Internet Explorer as your default web browser, click on the link below, download Microsoft’s automated workaround, and then open the downloaded file to apply the fix:

http://go.microsoft.com/?linkid=9760419

The above should provide a lockdown workaround that neutralizes the vulnerability. That said, if you ask me, I just wouldn’t use Internet Explorer at all and would use a better browser like Firefox or Chrome instead.

Ever Wondered How Exactly Your Computer Got Infected?

I wanted to give you a real-life example of how malware can infect your system and how the different elements of a good computer security setup, as described here, can protect your computer against it.

A client contacted me to ask if a suspicious email was in fact legit. It was one of those fake UPS emails announcing “your package has arrived” and giving a link to download the invoice. The link was actually a small program that would download to your computer if clicked on. Even though I knew the file was malicious, adventurous as I am, I clicked on the link and downloaded the program with the purpose of opening it just to see what would happen. NOTE: Don’t try anything like that if you’re not an expert and don’t know how to contain an infection before it affects your computer, unless you want to end up with an infected computer.

The malicious file, being relatively new, was missed by my antivirus program both when I downloaded it AND when I opened it. Tsk-tsk. But I don’t really hold it against it: later I submitted that file to an online scanner that checks any file against 43 different antivirus programs, and only 5 out of the 43 identified the file as malicious! That is why you want to have several layers of protection. But read on.

As soon as I opened the malicious file, two things happened. My firewall alerted me to the fact that a program was trying to communicate with the internet in a suspicious way (and blocked it until I decided whether or not to grant access), and AppGuard alerted me that it had blocked a program attempting to launch (start, open, execute) from an illegal location. I looked into the steps of that program, which had been created by the original malicious file I downloaded, and in it there were instructions to delete the original executable file and then itself! Sneaky bastard! In other words, the original program would have delivered its payload by starting, planting its infection, “calling home” (“home” being a website with an IP address of 76.76.104.203, somewhere in Canada), and then creating another program that would in turn delete all visible evidence of the infection!

Since I had done all of the above in a controlled virtual environment, a restart of the computer undid any changes that might have occurred in case something had gotten past all the other layers of protection. But I hope this gives you a better idea of how an infection can occur and hide itself from view, and how a good security setup can keep you safe.

Malware Facts and Figures in 2010

A few facts and figures regarding viruses for 2010, to give perspective and raise awareness (facts and figures provided by PandaLabs):

– In 2010, a third of all existing viruses were created.

That is, in the last 12 months, 34% of all malware in history has been created and classified.

– Trojans are currently the dominant type of malware.

Trojan horses are a specific type of malware that, similar to the Greek story of Troy, allow intrusion into a system from within, opening the door to external control by a hacker. Currently, 56% of malware are Trojans.

– Thailand, China and Taiwan are the top infected countries.

Let that be a lesson to those who don’t patch their operating systems with Windows updates (the biggest percentages of illegal copies of Windows are in Asia, and Microsoft does not provide updates to pirated copies of Windows).

– Top infection methods were social media exploits, BlackHat SEO techniques, and zero-day vulnerabilities.

Social engineering is covered in this article, BlackHat SEO techniques are described in this one, and zero-day vulnerabilities are defined here.

Don’t be a statistic. Keep your computer updated, keep a sound security solution in place, and use common sense when surfing the internet or handling emails.

An Additional Layer of Defense for Your Computer(s), Part Deux

Last week’s article covered the theory and background of using DNS as an additional security layer, although I didn’t quite get into explaining how it all works, how to do it, and so forth. That’s what this article is for. If you have not read that article, I suggest you do so before you read this one, or else you might find yourself a little lost.

Alright, so here’s how it works. Using a specialized DNS server such as OpenDNS allows several preemptive security measures to be implemented that benefit your computer(s). Namely, it allows for:

1) Web content filtering: Great, right? Especially if you know what that means. Basically, it’s the ability to control what types of websites can be displayed on your computer(s). Good if you’re a parent at home, or have a small office and want to make sure no inappropriate content is being loaded on your computers at work. That by itself also provides extra security. I’ll explain: by having the ability to filter out, let’s say, adult-themed, gambling, or P2P sites (peer to peer, websites that allow users to share files and programs, used a lot for illegal file sharing such as music and licensed software), you are closing the door to some of the types of websites most heavily loaded with virus infections. One useful category you can filter out is “advertisements”, which will stop some annoying ads on websites from showing. But you get the idea. It gives you control over what types of content your computer(s) can access on the Internet.

2) Anti-phishing capabilities (phishing: a common method used by cyber-criminals to steal your information by luring you into accessing what pretends to be a legit website, such as your online bank for example, and asking for your credentials with the purpose of stealing them), which makes it harder to fall prey to these types of scams.

3) DNS security protects the most vulnerable level of your computer(s) against the latest Internet threats, including viruses and other types of malware, by refusing to resolve the domain names of known malicious sites.

There are other advantages, which I will mention as we go along, but enough theory. Now, let’s get into action.

Note: Although I’ve tried to keep it at a very basic level, this requires at least an intermediate-level user. Novice computer users might find it hard to get this done, and additionally might break something in the process. So consider yourself warned if you’re not an intermediate user or above.

Ok, so the first thing is to go to https://store.opendns.com/get/basic and register a free account with OpenDNS.com. Once you’ve done that, the next step is to change the DNS server from what you’re currently using to OpenDNS. If you’re doing this for home and you have only one computer, you can just change your computer’s settings and be done with it. If you’re doing it for home and you have several computers sharing the same internet connection through a router or a gateway, it’s advisable to change the settings at that level. If you have a small company with a setup that resembles a home network, the same applies. For mid-sized or big companies there might be a different approach, but in that case you probably already have somebody in charge of your computer needs (or maybe that somebody is you, reading this article). I won’t go into what to do in that case, since my usual readers range from the individual home user to a small office user/administrator with a home-network-like setup.

Fortunately, once you have registered an account with OpenDNS.com and decided which device you’re going to use to set the DNS server, you can click on that device on the page you’ll find after signing in, and there are step-by-step instructions on what to do depending on the level at which you’re changing the DNS server setting. I say fortunately because that saves me the work of writing such detailed instructions 🙂

So if you have gotten this far with success, congratulations. You have made your computer(s) more secure. There are only two more things I’d like to add before I make this article too long. The first is that you can now go to your OpenDNS account dashboard and set up content filtering, good for parents at home and bosses at work, as mentioned before. Go to https://www.opendns.com/dashboard/settings/ and choose your network (add it first if this is the first time you’re using the dashboard), and then you can set it to one of the preset levels or customize it to block specific categories of your choice.

The second thing I wanted to mention is that there is a chance you’ve done all the right steps and yet there seems to be no result in terms of your computer(s) now using OpenDNS (click here to find out if you have successfully set up OpenDNS on your computer). There are 2 or 3 possible reasons this might occur, but I’d rather not get into that here as it would go over the general level I try to keep for my articles, so feel free to contact me if you have any questions or problems with this that you cannot sort out by yourself. Also, if you’re a parent trying to set up content filtering at home for your kids, beware that unless you’re a rocket scientist your kids probably know more about computers than you do, which means they might know how to circumvent your content filtering attempt. Thankfully, you have me on your side and can ask me if something is not working the way it should, or if you want to make sure your security measures are not being circumvented by your kids. I swear kids these days seem to be born with a netbook in their hands or something; they easily outperform their folks when it comes to computer-related stuff.

So there you have it, one last layer of protection to keep your computer from getting infected or your private data from being stolen. Remember, this is just one layer, which means there are others, and only through an intelligent implementation of all the layers covered here, here and in this article can you have a comprehensive level of security that makes you unlikely to become the victim of a successful computer attack.

An Additional Layer of Defense for Your Computer(s)

What better way to start the new year than learning about and implementing an additional layer of security in your computer(s)? This one I’ve used for some time but never got around to writing about.

I’m going to backtrack to some basic technical stuff that, although I might have covered it before, I wanted to include here in the name of this article’s self-sufficiency. First, a term: domain name. For practical purposes and in the context being used here, a domain name could be said to be a label that identifies a website. Thus, remotehelpexpert.com is a domain name. So is yahoo.com, google.com, and so on. You get the idea.

Ok, so, Domain Name System (sometimes Server, or Service), or DNS, refers to the translation of a website’s name into its numeric address. Every domain has a name (in letters) and an address (in numbers). If you enter “remotehelpexpert.com” in your web browser’s address bar and press enter, the computer needs to find out what that domain name’s numerical address is to be able to find and display that website for you.

Of course, due to various factors, two or more domains might share the same numerical address. Conversely, one domain might have more than one numerical address. This all might seem complicated, but it’s actually pretty simple. The important thing is that what the computer uses to translate the name of a domain into its numerical address is called DNS. When the computer is able to use DNS to find a domain’s numerical address, it is said to have resolved it. Thus, DNS resolution. The computer that is asked the question “what is the address of this domain name?” and answers it is called a DNS server, and it’s out there on the Internet. Its counterpart, most of the time your computer, is the DNS client.

Ok, you might say, let’s pretend for a moment everything that has been said so far is true. What does it all have to do with increasing security for computers? Patience, young grasshopper, we’re almost there. More often than not, your ISP (Internet Service Provider, the company you pay to have internet access) will have its own DNS servers, and typically your computer(s), or the device that connects your computers to the internet, will have been set up to use those particular servers to perform the aforementioned function. But that can be changed. Why would one want to change it? Well, some DNS servers offer a number of additional services that the role of DNS server is uniquely fit to perform. Thus, we finally arrive at the starting point of this article.
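To make the question-and-answer exchange above concrete, here is an added example (not part of the original post, and not OpenDNS’s or anyone else’s code) that builds the exact message a DNS client sends when it asks “what is the address of remotehelpexpert.com?” and parses the server’s reply, including the case from the paragraph above where one domain has more than one numerical address. The reply used here is constructed locally, so it runs without any network access; the 192.0.2.x addresses are documentation-reserved sample values, not the real address of any site. It also checks that the reply’s transaction ID matches the question, which is the client’s first line of defence against forged answers.

```python
"""Build a DNS A-record query and parse a DNS response (RFC 1035 wire format).

Added example; the response below is constructed for illustration and the
192.0.2.x addresses are sample values, not real resolution results.
"""
import random
import struct


def build_query(domain, txid=None):
    """Return the wire-format bytes of a standard recursive query for domain's A record."""
    if txid is None:
        txid = random.randint(0, 0xFFFF)  # unpredictable ID: replies must echo it back
    # Header: ID, flags (RD=1 -> 0x0100), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # QNAME: each label is length-prefixed, terminated by a zero byte
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in domain.rstrip(".").split("."))
    qname += b"\x00"
    question = qname + struct.pack("!HH", 1, 1)  # QTYPE=A (1), QCLASS=IN (1)
    return header + question


def _read_name(msg, offset):
    """Decode a possibly-compressed name at offset; return (name, offset after it)."""
    labels = []
    jumped = False
    end = offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier copy of the name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped = True
            offset = pointer
            continue
        if length == 0:
            offset += 1
            if not jumped:
                end = offset
            break
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels), end


def parse_response(msg, expected_txid=None):
    """Parse a DNS response; return txid, rcode, the queried name and the A records."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    if expected_txid is not None and txid != expected_txid:
        raise ValueError("transaction ID mismatch: reply does not belong to our question")
    rcode = flags & 0x000F  # 0 = NOERROR, 3 = NXDOMAIN
    offset = 12
    qname = None
    for _ in range(qd):
        qname, offset = _read_name(msg, offset)
        offset += 4  # skip QTYPE and QCLASS
    answers = []
    for _ in range(an):
        name, offset = _read_name(msg, offset)
        rtype, rclass, ttl, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlength]
        offset += rdlength
        if rtype == 1 and rclass == 1 and rdlength == 4:
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
    return {"txid": txid, "rcode": rcode, "qname": qname, "answers": answers}


def build_sample_response(query, ips, ttl=300):
    """Constructed sample reply to `query`: one A record per IP, using name compression."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(ips), 0, 0)  # QR=1, RD=1, RA=1
    records = b""
    for ip in ips:
        # 0xC00C points back to the QNAME at offset 12 instead of repeating it
        records += b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, ttl, 4)
        records += bytes(int(part) for part in ip.split("."))
    return header + question + records


if __name__ == "__main__":
    q = build_query("remotehelpexpert.com", txid=0x1234)
    reply = build_sample_response(q, ["192.0.2.10", "192.0.2.11"])
    print(parse_response(reply, expected_txid=0x1234))
```

To query a real resolver instead of the constructed reply, the bytes from build_query would be sent over UDP to port 53 of the DNS server (your ISP’s, or OpenDNS’s) and the datagram that comes back handed to parse_response; the transaction ID check is what stops a stray or forged datagram from being accepted as the answer.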

But unfortunately, just as we’re about to really get started, we have run out of time. I figured I’d better break this subject down into two articles, so I can cover the background theory in detail and then what to do, how to do it, and the advantages to be gained from all that. So stay tuned for next week’s article, the second and final part of this subject!