KU Jayhawks


A story hitting close to home for me. Lawrence, Kansas is the home of my beloved Kansas University Jayhawks. I just heard on the news that several residents of Lawrence have been called over the past few days by someone telling them they have a problem with either a VISA credit card account or their bank account at the KU Credit Union. Click here for a link to an online story. This scam has been around in parts of the country but this one is a bit closer to home.

Attackers can set up a call center on their PC or one that they control, then call random residents in a targeted location. I guess the attacker asks for personally identifiable information like a credit card number or account number. Then those who fall for it have had money transferred out of their account. With these call centers, attackers can spoof the number that is making the call, just like a phisher in e-mail can appear to be coming from PayPal.com, for example.

This is just another social engineering scam that attackers are starting to use because people have been warned over and over about these phishing e-mails appearing to be coming from banks and credit card companies.

Create your own “need to know” basis where you refuse to give up information from any unsolicited e-mail, phone call, or SMS messages (text messages on mobile phones) because these are known attack vectors. If you think it is true, hang up and call your bank or credit card company directly.

Rock Chalk Jayhawk and hope not too many of the citizens of Lawrence have fallen for this scam. Take care and stay safe this weekend.

Well, this past week there was another large-scale hacking of legitimate sites, including some belonging to the UN, the UK government, .edu sites, and many travel sites, to name just a few. The hack includes a redirect that pointed visitors of the exploited sites to some servers in China, which ran 8 exploits including MS07-004 for IE. This has now become a more common attack: it hits trusted sites, then directs their visitors to the criminal attackers’ bad websites. The two sites it pointed to were on IPs that belonged to China. Surprise!

Just do a Google search on these sites and you will see how widespread the problem is. Search on these but don’t go to any of these sites: nihaorr1.com and haoliuliang.net.

The lessons learned here are these. No longer can we say there is something called trusted sites. I use the Firefox browser and use an add-on called “NoScript”. Check it out. It allows you to control what JavaScript runs and what doesn’t. And of course patching is VERY important. Patch your Microsoft software, your Firefox browser, QuickTime, iTunes, RealPlayer, WinZip, Adobe Reader, Adobe Flash, and any other software that you use. Here are the facts. Due to crappy programming, the Computer Security field is going strong. This is the core problem. There are no easy answers here, but you can do the things mentioned above.

Stay safe out there and I’ll be posting another story later this weekend.  I’ve been busy and haven’t had too much time.  We have been tracking this particular story where I work and I wanted to pass this along to you also.  Rock Chalk Jayhawk GO KU!!!  And remember, North Carolina Tarheel fans don’t have to listen to any of my advice.

The National Cyber Security Alliance (NCSA) announced study findings that 71 percent of consumers lack knowledge of cyber criminals’ weapon of choice and the Internet’s fastest growing threat — botnets. This is sadly telling a story that I and many other computer security professionals already know. Botnets are composed mostly of consumers’ computers and are increasingly being used to perpetrate identity theft and spread viruses.
“Last June, the FBI identified more than one million computers infected with malware which could have been hijacked and used as part of an army of bots to attack other computers, spread malware, or attack our nation’s infrastructure,” said Ron Teixeira, executive director of the NCSA. These results were announced at the RSA conference last week. “Botnets continue to be an increasing threat to consumers and homeland security. Consumers’ unsecured computers play a major role in helping cyber criminals conduct cyber crimes not only on the victim’s computer, but also against others connected to the Internet.”
The study also shows that Americans are largely unaware their computer’s security plays a role in our nation’s security and preventing online crime. The scary thing is a majority of respondents think it is not likely their computer could affect homeland security while only 51 percent think it is possible for a hacker to use their computer to launch cyber attacks.
“It is alarming that consumers do not know how to secure their computers,” said Teixeira. “It is important for consumers to understand that safe cyber security practices not only protect them from identity theft, but also prevent cyber crime and attacks. By taking simple steps, consumers can protect themselves from cyber crimes and join our effort to protect other Internet users.”

Additional findings from the study* include:

- 71 percent have never heard the phrase “botnet” — the weapon of choice for cyber criminals
- 59 percent think it is not likely their computer could affect homeland security
- 47 percent believe it is not possible for a hacker to use your computer to launch cyber attacks or crimes against other people, businesses and our nation
- 51 percent have not changed their password in the past year
- 48 percent do not know how to protect themselves from cyber criminals
- 46 percent of consumers are not sure of what to do if they became a victim of a cyber crime.

I say this to you… your biggest weapon against the criminal attackers is knowledge. Educate yourself on the steps you can take to secure your PC at home.

Congrats to my Kansas University Jayhawks for winning the NCAA National Championship. Gotta love those Hawks! As we like to say around this part of the country, Rock Chalk Jayhawk. GO KU!!! Have a safe week.

One thing that criminal computer attackers like to use in their phishing e-mails is some current event.  All around the world, there is a lot of support for Tibet against the Chinese government.  With news coming out being restricted by the Chinese, people are hungry for information.  What a perfect setup for a social engineering tactic to get people to click on either attachments or links in phishing e-mails.

Never trust unsolicited e-mail, period. Never, never, never trust it. No matter what the topic in e-mails, never click. Computer attackers have to have your help before YOU can be taken advantage of. Clicking things many times installs the attacker’s downloader, which then downloads and installs the really nasty code. Gone are the days when misspelled words and broken English in e-mails gave us a clue that something isn’t right. Attackers have linguists, psychologists, and some really smart people who can code the malware (criminal malicious software) and you are the target.

Remember that they need you to click on either an attachment or link to a malicious site to take advantage of you.  You are your own best defense.  Know the tactics being used.  Be prepared and don’t click.  NEVER.

It was a short night for me because I was watching my Kansas University Jayhawks win the National Championship game last night.  Gotta love those Hawks and I’m so happy for Coach Self and every single kid on that team but especially the 5 seniors on the team.  Rock Chalk Jayhawk.  GO KU!!!  What a season and what a dramatic finish.  Now the story is, what will Coach Self do when he gets offered TONS of money to move to coach Oklahoma State University.  Personally I think he will stay and be there for a long time.

Stay safe out there.  Rock Chalk!!  We’ll talk again in a few days.

Well any readers know that I’m a big Kansas University fan and we played the Tarheels from Carolina tonight. Kansas dominated out of the box but then went flat before finishing the Tarheels from UNC. Well I must admit that I was worried when Carolina made its big run.

Anyone familiar with Kansas University basketball knows that Roy Williams left Kansas as the coach and went back home to UNC to coach. Many in this part of the country are mad at Roy. Well, I’ve been asked whether I am mad at Roy for leaving after 15 years at KU. I say this every time. During the KU run in the 2003 Final Four, I always felt that Dean Smith was actively going after Roy right in the middle of when he should have been concentrating on KU. Everyone saw it: after KU had won a game, I think against Duke, a reporter was asking Roy about the UNC coaching vacancy. His comment was not censored when he said “I don’t give a sh@t about North Carolina” on CBS. Wasn’t true but at the time, around here we all felt the same way. Long story short: he left. So I was really ready to play them when they both went on to the Final Four this year.

Really I was concerned because Roy is a great coach and his teams were always good. Kansas is a very good team this year also. Anyway, Roy, I’m good with you. I’m not among the haters here. And for us fans, I felt pretty good as well as all others in Jayhawk country after the game was over. Rock Chalk Roy. Join us in cheering on the Kansas University Jayhawks Monday night.

Next post will actually be about computer security. I promise. Bring it home Hawks!!!

I am signed up for regular online newsletters through SANS.org which is a computer security site that I reference daily.  In this current issue I found this story to be applicable to many people out there today.

Here is the story:

John Y. at a US community college writes us:
A computer used by one of our staff was compromised in December, and began sending email advertisements for Viagra and Cialis to large numbers of addresses. We caught it fairly quickly because we have monitors that look for that kind of behavior on our network. An analysis of the computer showed that it had been infected when the user visited a small Mom-and-Pop type arts & crafts store on the web. The Mom-and-Pop website had been “re-programmed” by someone in Ukraine to send a blast of software attacks at anyone unlucky enough to visit it. One of these attacks was directed against a vulnerability in a version of Apple QuickTime released just two weeks before the attack. Symantec Anti-Virus stopped all of the attacks except the QuickTime attack. Sadly, it only takes one successful attack to compromise any computer.

Lessons We Learned
- Small Mom-and-Pop websites can pose a greater risk than the sites of big vendors like Amazon.com. Owners of small businesses often don’t have the expertise or resources to protect their sites from being compromised and used by Bad Guys. Once a website has been compromised, it can then be used to attack your computer.

- Anti-virus is still a necessary defense, but it can’t do the whole job. In the past, computer criminals wrote viruses that broadcast themselves all over the Internet, making it easier for anti-virus companies to identify them and develop a countermeasure quickly. Now, attacks are much more targeted and the criminals have gotten better at making attack software that is harder to detect. Anti-virus makers are finding it difficult to keep up with the criminals.

- Bad Guys are targeting many applications that run on your computer, as well as the operating system. The campus computer that was compromised was completely up-to-date with its Windows security patches. But in order to keep your computer secure (besides patching Windows, Internet Explorer, and Office, all done automatically through update.microsoft.com), you have to patch commonly installed applications like QuickTime, RealPlayer, Adobe Reader, Adobe Flash Player, and Sun Java, all of which can be attacked through your email or web browser.

—————-

Now we’ve talked about these other applications and the importance of patching.  Many of these vendors are automating their process to update their applications.  It’s not there yet so you need to make sure on your own that these applications are patched.  Most times, you can open them up and go to the HELP option and there you will find an option to Check for Updates.  Do this to protect yourself.

Tonight is the BIG GAME!!! Remember all Tarheel fans can disregard any advice I give.  Tyler Hansborough (Don’t know if that is the correct spelling.  Really don’t care.) is on the cover of SI so hopefully that will be the famous SI Jinx.  ROCK CHALK JAYHAWK!!! GO KU!!!!  Love my Jayhawks and both these games today will be awesome to watch.  Stay safe, patch and may my Jayhawks from the University of Kansas bring home the National Championship.

I wasn’t sure I was going to make it through the game yesterday.  My heart can’t take much more of that.  Well congratulations to my Kansas Jayhawks for making the Final Four and now we focus on the UNC Tarheels.  Please UNC, listen to all the hype.  You are the greatest team ever and KU should not even show up.  Rock Chalk Jayhawk!!!  I’m very excited about Saturday’s games.  Can’t wait and be ready for all that crappy Tarheel hype.

Be careful out there when it comes to spam and even those Google searches.  You may want to go to Finjan.com and click on the Secure Browsing icon at the bottom of the page.  Doesn’t matter if you use Microsoft’s Internet Explorer or Firefox browser, you can install this little addon and when you do searches, you can feel a little safer that a site is not malicious.  Criminal attackers will take advantage of all the interest in the Final Four with their spamming attacks.  Read about what this Finjan addon can do for you.

Now a special message to all those UNC Tarheel fans.  Patching your PC is overrated.  Use an older version of Microsoft’s Internet Explorer.  Spam e-mail is safe.  Click on unsolicited e-mail links and attachments.  You guys rock!  LOL.

I love this time of year.  Stay safe and ROCK CHALK JAYHAWK!!!!!!

So did anyone else notice that a Microsoft patch was downloaded if you had Excel? A calculation-error bug in Microsoft Office Excel 2003 was acknowledged by MS last Friday. They have resolved this issue with an out-of-cycle patch.

Microsoft Security Response Center (MSRC) blogger Tim Rains pointed to an updated security bulletin, MS080-014, dated March 19. The bulletin had originally been issued on March 11 during the regular Patch Tuesday update cycle, which addressed four “critical” fixes in Microsoft products, including a remote code execution flaw in Excel 2003. Anytime you see “remote code execution”, that is a serious problem that could allow an attacker to control your PC remotely.

It’s always nice to see problems get closed with patches but just know there will always be more, not only with Microsoft, but with other software vendors like Adobe, WinZip, etc.

That is it for now.  Stay safe and Rock Chalk Jayhawk!!!

I want to wish all a happy Easter!! I love the Easter Season and what it represents. Easter is falling early this year. I’m really ready for the weather to warm up here in the middle of the United States. Whatever happened to Global Warming? I don’t believe it at all.

I have to say my Jayhawks went to Omaha and represented!  It is on to the Sweet Sixteen for the Kansas Jayhawks.  ROCK CHALK!!!  Just wanted to remind you all of what the biggest thing you can do to keep away from all the cyber nasties out there.  Patch Patch Patch.  There will always be those zero day vulnerabilities that you can’t do anything about.
Also, this past week there was yet another attack on legitimate sites that was able to redirect you to a site that tried to exploit several older vulnerabilities.  Patching would protect you from these attacks.  It does seem that it is becoming more risky to surf casually with all these attacks that started late last year.  That won’t stop me.  I will be diligent and stay up on the patches.  Patch all your software.  I’ve written some suggestions on how to keep up with patching and you can check out my blogroll.  I love that Shavlik Google Gadget.

Everybody have a great Sunday and hope all the PAC 10 and ACC teams get beat soon.  Don’t like all that attention they get in the national media.  Stay safe and ROCK CHALK JAYHAWK!!!

This week, another cyber attack against legitimate sites is going on. Some of the security companies have been writing articles about it. Not a whole lot of details are known at this time but the sites include several .edu’s, .gov’s, and of course there are always the big names. In this instance, it was Trend Micro, a computer security company. They’ve taken care of the pages that were hacked. Similar to the other attacks earlier this year, the web applications themselves have been attacked and then serve up exploits to any visitor to that site.

An Internet Storm Center Diary post lists the vulnerabilities that are being used in this latest attack. What do you do to defend against these types of attacks? Well, regular readers have heard it from me before but the answer is the same. PATCH!!!!! Pretty simple. The weaknesses listed in this current post all have Microsoft patches from 2006 and 2007. Not listed, but used more often, are some of the third-party applications like Adobe Reader, RealPlayer, WinZip, WinAmp, and on and on and on. These applications need patches too so don’t forget those.

The Big 12 tournament has started so I’m pumped up. Rock Chalk Jayhawk. GO KU! That is it for now. Have a great weekend and may your favorite team win unless they are playing the Kansas Jayhawks!!
