Spam


One thing that criminal computer attackers like to use in their phishing e-mails is a current event.  All around the world, there is a lot of support for Tibet against the Chinese government.  With the news coming out being restricted by the Chinese, people are hungry for information.  That is a perfect setup for a social engineering tactic to get people to click on either attachments or links in phishing e-mails.

Never trust unsolicited e-mail, period.  Never, never, never trust it.  No matter what the topic of the e-mail, never click.  Computer attackers have to have your help before YOU can be taken advantage of.  Clicking often installs the attacker’s downloader, which then downloads and installs the really nasty code.  Gone are the days when misspelled words and broken English in an e-mail gave us a clue that something wasn’t right.  Attackers have linguists, psychologists, and some really smart people who can code the malware (criminal malicious software), and you are the target.

Remember that they need you to click on either an attachment or link to a malicious site to take advantage of you.  You are your own best defense.  Know the tactics being used.  Be prepared and don’t click.  NEVER.

It was a short night for me because I was watching my Kansas University Jayhawks win the National Championship game last night.  Gotta love those Hawks and I’m so happy for Coach Self and every single kid on that team but especially the 5 seniors on the team.  Rock Chalk Jayhawk.  GO KU!!!  What a season and what a dramatic finish.  Now the story is, what will Coach Self do when he gets offered TONS of money to move to coach Oklahoma State University.  Personally I think he will stay and be there for a long time.

Stay safe out there.  Rock Chalk!!  We’ll talk again in a few days.

I am signed up for regular online newsletters through SANS.org, which is a computer security site that I reference daily.  In the current issue I found this story to be applicable to many people out there today.

Here is the story:

John Y. at a US community college writes us:
A computer used by one of our staff was compromised in December, and began sending email advertisements for Viagra and Cialis to large numbers of addresses. We caught it fairly quickly because we have monitors that look for that kind of behavior on our network.  An analysis of the computer showed that it had been infected when the user visited a small Mom-and-Pop type arts & crafts store on the web. The Mom-and-Pop website had been “re-programmed” by someone in Ukraine to send a blast of software attacks at anyone unlucky enough to visit it.  One of these attacks was directed against a vulnerability in a version of Apple QuickTime released just two weeks before the attack. Symantec Anti-Virus stopped all of the attacks except the QuickTime attack.  Sadly, it only takes one successful attack to compromise any computer.

Lessons We Learned
- Small Mom-and-Pop websites can pose a greater risk than the sites of big vendors like Amazon.com. Owners of small businesses often don’t have the expertise or resources to protect their sites from being compromised and used by Bad Guys. Once a website has been compromised, it can then be used to attack your computer.

- Anti-virus is still a necessary defense, but it can’t do the whole job.  In the past, computer criminals wrote viruses that broadcast themselves all over the Internet, making it easier for anti-virus companies to identify them and develop a countermeasure quickly.  Now, attacks are much more targeted and the criminals have gotten better at making attack software that is harder to detect. Anti-virus makers are finding it difficult to keep up with the criminals.

- Bad Guys are targeting many applications that run on your computer, as well as the operating system. The campus computer that was compromised was completely up-to-date with its Windows security patches. But in order to keep your computer secure (besides patching Windows, Internet Explorer, and Office, all done automatically through update.microsoft.com), you have to patch commonly installed applications like QuickTime, RealPlayer, Adobe Reader, Adobe Flash Player, and Sun Java, all of which can be attacked through your email or web browser.

—————-

Now we’ve talked about these other applications and the importance of patching.  Many of these vendors are automating their process to update their applications.  It’s not there yet so you need to make sure on your own that these applications are patched.  Most times, you can open them up and go to the HELP option and there you will find an option to Check for Updates.  Do this to protect yourself.

Tonight is the BIG GAME!!! Remember all Tarheel fans can disregard any advice I give.  Tyler Hansborough (Don’t know if that is the correct spelling.  Really don’t care.) is on the cover of SI so hopefully that will be the famous SI Jinx.  ROCK CHALK JAYHAWK!!! GO KU!!!!  Love my Jayhawks and both these games today will be awesome to watch.  Stay safe, patch and may my Jayhawks from the University of Kansas bring home the National Championship.

I wasn’t sure I was going to make it through the game yesterday.  My heart can’t take much more of that.  Well congratulations to my Kansas Jayhawks for making the Final Four and now we focus on the UNC Tarheels.  Please UNC, listen to all the hype.  You are the greatest team ever and KU should not even show up.  Rock Chalk Jayhawk!!!  I’m very excited about Saturday’s games.  Can’t wait and be ready for all that crappy Tarheel hype.

Be careful out there when it comes to spam and even those Google searches.  You may want to go to Finjan.com and click on the Secure Browsing icon at the bottom of the page.  Doesn’t matter if you use Microsoft’s Internet Explorer or Firefox browser, you can install this little addon and when you do searches, you can feel a little safer that a site is not malicious.  Criminal attackers will take advantage of all the interest in the Final Four with their spamming attacks.  Read about what this Finjan addon can do for you.

Now a special message to all those UNC Tarheel fans.  Patching your PC is overrated.  Use an older version of Microsoft’s Internet Explorer.  Spam e-mail is safe.  Click on unsolicited e-mail links and attachments.  You guys rock!  LOL.

I love this time of year.  Stay safe and ROCK CHALK JAYHAWK!!!!!!

This week, another cyber attack against legitimate sites is going on.  Some of the security companies have been writing articles about it.  Not a whole lot of details are known at this time, but the sites include several .edu’s, .gov’s, and of course there are always the big names.  In this instance, it was Trend Micro, a computer security company.  They’ve taken care of the pages that were hacked.  Similar to the other attacks earlier this year, the web applications themselves have been attacked and then serve up exploits to any visitor to that site.

An Internet Storm Center Diary post lists the vulnerabilities that are being used in this latest attack.  What do you do to defend against these types of attacks?  Well, regular readers have heard it from me before, but the answer is the same.  PATCH!!!!!   Pretty simple.  The weaknesses listed in this current post are all addressed by Microsoft patches from 2006 and 2007.  Not listed, but used more often, are some of the third-party applications like Adobe Reader, RealPlayer, WinZip, WinAmp, and on and on and on.  These applications need patches too, so don’t forget those.

The Big 12 tournament has started so I’m pumped up.  Rock Chalk Jayhawk.  GO KU!  That is it for now.  Have a great weekend and may your favorite team win unless they are playing the Kansas Jayhawks!!

Happy Patch Tuesday!  This is just a reminder to make sure we update our applications.  So look for your Microsoft updates and apply them.

Now to today’s topic.  If you use instant messaging like AOL’s Instant Messenger, MSN Messenger, Yahoo Messenger, or any other messenger, you have probably received unsolicited messages from strangers.  Most appear to be sent to guys.  They promise the same thing that we’ve discussed in previous posts.  It is just a different way of getting some tempting message out to the masses.  So consider this another way attackers try to get you to click a link to take you to a site that you probably don’t want to visit.  So spam comes in many flavors.  We’ve talked about spam e-mail and spam SMS text messaging on our mobile phones, and now we discuss Instant Message spam.

The outcome is the same in all these cases.  They want you to go somewhere to look at naked pictures of your favorite movie or TV star, or some other tantalizing temptation.  Guys, come on!  Most of these are aimed at you.  Don’t fall for it!!

Remember that spam comes in many flavors, but the outcome is the same.  Don’t click on any unsolicited links.

Off topic, I have sometimes been forced to watch Jon and Kate plus 8 and I just want to make an observation.  They get to go and do so many things but they don’t ever have to pay for it.  Business folks offer up their services for the advertising they get when the show airs.  Do they pay for anything?  Just a thought.  I have a feeling they are given a lot of things and they take advantage of it all.

Hope the weekend has gone well for everyone.  Tonight, I’m blogging about why attackers pick on Facebook and MySpace users.  Why do you think they do?  Well, if your answer is the sheer number of users of Facebook and MySpace, that will tell you why.  Attackers want to make the biggest bang with their attacks.

Most people who surf the Internet do it with Microsoft’s Internet Explorer (versions 6 or 7).  Attackers are starting to exploit vulnerabilities in several widely installed IE plug-ins to install their malicious software when users are coerced or tricked into visiting one of several Web sites.  That, my friends, is called social engineering, and it probably is being done through spam e-mail.

Symantec this past Friday was seeing malicious sites running exploits against some Internet Explorer plug-ins in a set of ActiveX controls produced by Aurigma, a tech company whose image transfer browser plug-in is licensed and distributed by some heavyweight web portals to help users upload pictures.  These heavyweight sites include Facebook and MySpace.  Symantec warns that if visitors don’t have the Aurigma plug-ins installed, the sites will look for other vulnerable IE plug-ins, including two recently discovered from Yahoo and another for QuickTime that was patched by Apple last month.  I go to many sites to gather information for stories, and one is that of Brian Krebs, who writes a security blog for the Washington Post.  Read his story on this topic; included in it is an image of the malicious page that people are directed to, which asks for their login credentials.  If you notice the .cn at the end of the web address in this picture, the .cn is a country code where the page is hosted.  .CN is for China.  .HK is another one that seems to be host to many malicious pages.  .HK is Hong Kong.
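The habit of reading the end of the web address before typing a password can be written down as a small check.  The Python below is an added example, not code from this blog or from Brian Krebs’s story; `check_login_link` is a hypothetical helper name and every URL in it is a constructed sample.

```python
from urllib.parse import urlsplit

# Country-code endings singled out in the post above.
FLAGGED_CCTLDS = {"cn": "China", "hk": "Hong Kong"}

def check_login_link(url, expected_domain):
    """Return warnings for a link that claims to be a login page
    for expected_domain (for example "facebook.com")."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    expected = expected_domain.lower()
    if not host:
        return ["no hostname in URL"]
    warnings = []
    # Genuine only if the host IS the domain or ends with ".domain".
    genuine = host == expected or host.endswith("." + expected)
    if not genuine:
        warnings.append(f"host {host} is not under {expected}")
        brand = expected.split(".")[0]
        if expected in host or brand in host:
            # e.g. facebook.com.login.example.cn: brand is only a prefix
            warnings.append("brand name appears in host but is not the real domain")
    if parts.username:
        # Everything before '@' is login info, not the site being visited.
        warnings.append(f"text before '@' is not the host; real host is {host}")
    tld = host.rsplit(".", 1)[-1]
    if not genuine and tld in FLAGGED_CCTLDS:
        warnings.append(f".{tld} is the country code for {FLAGGED_CCTLDS[tld]}")
    return warnings

# Constructed sample links, as they might appear in a spam e-mail.
SAMPLES = [
    ("https://www.facebook.com/login.php", "facebook.com"),
    ("http://facebook.com.login.example.cn/login.php", "facebook.com"),
    ("http://www.facebook.com@login.example.hk/", "facebook.com"),
    ("http://myspace.example.cn/index.cfm", "myspace.com"),
]

if __name__ == "__main__":
    for url, domain in SAMPLES:
        result = check_login_link(url, domain)
        print(url, "->", result or "looks like " + domain)
```

The check only says whether a link points at the expected site; a genuine site can still be compromised, which is why patching remains the main defense.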

Well, have a great week.  We are in the last week of February and the weather has to be getting better soon.  Stay safe and we’ll talk again later this week. 

Hope all is well with everyone this Saturday afternoon.  If you’ve been a reader of my blog, you know that social engineering happens every day in your email inbox.  You may have seen in your emails some Valentine’s greetings from some stranger that were either directing you to some random website or had a malicious attachment like an Adobe PDF document.  Always question anything in your inbox that has an attachment or is trying to direct you to somewhere you probably don’t want to go.

The social engineering used to spread botnets like Storm, and now the Mega D botnet, may sometimes trick you.  There are other ways attackers are going after more victims.  I got my first SMS text message spam this past week when in Atlanta, Georgia.  It was trying to direct me to a website to go visit.  I just read this weekend in the Kansas City Star that local residents were getting spam SMS messages on their phones from a local bank.

Attackers are finding more ways to try and part you from your money.  Be aware that you will continue to get nasty malicious emails in your inbox, but you may also get text messages that are just spam sent a different way.  If you use messaging systems like AOL’s Instant Messenger, Yahoo Messenger, or MSN Messenger, you probably have seen unsolicited messages, many from women who want men to join them for their webcam shows.  My advice for any type of spam is the same.  Delete it.  Don’t respond to it.  Delete it.  Protect yourself against spam no matter how it is delivered to you.

Stay safe and have a better weekend than I’m about to have with a winter storm approaching.  Bye for now and we’ll talk again next week.

Well just yesterday we got an alert about an Adobe Reader flaw that is being exploited in the wild.  Adobe came out with an updated version of Adobe Reader on Wednesday of this week.  You want to upgrade to version 8.1.2 now.  These exploits have been found in both banner ads and also spam e-mail attachments.  These dirty rotten criminal hacker scoundrels are attacking this application because it is so widely used.  Most people don’t update their version of the Adobe Reader.

If you are a reader of my blog, you know there are tools out there to check to see that you have your software up to date.  The one I really like is the Shavlik Google gadget.  It runs and checks many of these third party applications and tells you that you have an update.  If you use this Google gadget, run it and patch.  The one thing you can do that will protect you the most is to patch your applications.

Patch and be happy.  Stay safe and have a great weekend!!

All of us who have a blog hosted on WordPress know that many times we find comments posted that are created by bots. Some are pretty generic rambling words. Other times, it is blatant links to what appear to be porn sites. Well, I can tell you that I’m not clicking on any of them. More than likely, you would find a site that would be considered malicious. For example, it probably hosts a malformed .pdf file, flash file, or the vulnerability of the that Microsoft has. Or possibly it could be a site set up to share actual porn videos that you could click on to see. If you click, it may pop up a message that says that you need to download a new codec file to actually view the porn, and you click the OK or Download button, and what you’ve really installed is a trojan downloader that will then download additional malicious files such as a keylogger, or a program that would search your hard drive for cookies that would have valuable information, or, if you use Turbo Tax, it would send the bad guy your tax file that contains a wealth of information.

The reason that bad guy attackers try and post to blogs is to get their rating on Google to be higher. Then they can get more people to download a malicious file or just visit a web site that will serve up the current exploit of the day. WordPress is good because it allows the owner of the blog to determine if comments are from actual people, and the author can decide whether to post them or just delete them. I will admit, as probably would most others who are writing on WordPress, that you delete more than 90 percent of the comments. It may be closer to 95 percent.

Lesson learned? Well, it is possible that the reason bad people try and post comments is to prey on people who do not patch their applications. So my message? PATCH PATCH PATCH. I’ve written about the Shavlik Google gadget to help you with this. I have found this to be a great application for home users to use to create their own patch management schedule. Visit the Shavlik site. I’ve provided a link in my Blogroll on the right side of my page. You’ll be glad you did.

OK, on Thursday night, the Orange Bowl was played. I’m so proud of my Kansas Jayhawks. They put it to the Hokies of VaTech. Rock Chalk Jayhawk go KU!!! Now all attention turns to basketball. Make me proud Coach Self and my Kansas Jayhawks of the hardwood!

Stay safe and patch yourself, you filthy animal. JK.