A Nurse with a Gun

Saturday, November 22, 2008

Black Monday

Global spam levels decreased by as much as 75 per cent after the neutering of McColo, a US web host that provided the foundation for most of the world's spam. In an effort of online vigilante justice, California-based McColo was disconnected by its internet service providers, Global Crossing and Hurricane Electric, following a four-month investigation. A report published this week identified McColo as the host of 40 different kiddie porn sites, one of which garnered up to 25,000 visitors a day, as well as counterfeit pharmaceutical web sites, fake designer goods web sites and malware disguised as security products. Even so, there has been no announcement of any US law enforcement action against the company.

IronPort tracks daily spam volumes and publishes its findings online in real time. It showed a 70 per cent drop in spam after McColo was clipped. Unfortunately, McColo relocated overseas, hooking up with the Swedish ISP TeliaSonera, and has begun to re-establish itself. One fortunate outcome of the forced eviction is that McColo apparently could not save its botnet.

Meanwhile, November 24 has been dubbed "Black Monday" following predictions that the date will usher in the latest information-harvesting malware. Anti-virus vendors have repeatedly demonstrated that the Thanksgiving holiday period brings a dramatic spike in spyware, malware, trojans and viruses as Americans begin shopping online for Christmas presents. As more people turn to cyberspace to find better prices in a sagging economy, and to save time and gasoline, cyberthugs stand ready to virtually mug them and relieve them of their money.

Although email greeting card attachments remain a staple, cyberthugs are infecting users through more current methods. The recent presidential election was a golden opportunity exploited by criminals in cyberspace. An onslaught of Barack Obama-related emails and websites offered new video clips of "amazing" Obama speeches, fresh interviews and administration predictions. An Obama sex video was another hook, and anti-Obama material served as a lure as well. When the user attempts to view the video, they are taken to a website and told they must first download the latest version of Adobe Flash. The downloaded program is a fake, containing a trojan capable of stealing sensitive data. Modern viruses, trojans and keyloggers transmit a detailed log of everything the victim types back to the cyberthug. Passwords, credit card numbers, and even control of one's own computer are compromised.

Another emerging form of cyberthuggery is holding the victim's data for ransom. Malware locks away access to personal files and demands a transfer of cash via the internet to restore the owner's access. Software is also available that can duplicate keys that appear in online photos, making even real-world property vulnerable.

So what can the end user do? Many users have become complacent, considering it the norm to have some infestations of malware on their computers. Coping with malicious garbage on your hard drive should not be the norm. It is far easier to keep the stuff off your hard drive than it is to eradicate it afterwards.

If you use an Administrator account for your day-to-day usage, you are needlessly placing yourself at risk. That account should only be used when you want to change or install something on your computer. On Windows XP you can create three types of users: Limited User, Power User and Administrator. Give every person on the computer a Limited User account, and keep only one Administrator account, password protected, for installations or system changes.
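As an added example (not part of the original post), the following PowerShell script audits a Windows machine against that advice: it warns if the current session is itself elevated, if more than one enabled account sits in Administrators, if an administrator does not require a password, or if anyone is still in Power Users. It assumes only the built-in group names "Administrators" and "Power Users".

```powershell
# Added example, not from the original post: audit a Windows machine against the
# advice above. Reports whether the session running it is elevated, lists local
# accounts in Administrators (flagging more than one enabled admin, or any that
# does not require a password) and any accounts left in Power Users. Uses WMI
# (Win32_UserAccount) and the ADSI WinNT provider; runs on PowerShell 1.0+.

function Get-LocalGroupMemberNames([string]$GroupName) {
    # ADSI WinNT provider: enumerate a local group and return member names.
    $group = [ADSI]"WinNT://./$GroupName,group"
    @($group.psbase.Invoke("Members") | ForEach-Object {
        $_.GetType().InvokeMember("Name", "GetProperty", $null, $_, $null)
    })
}

$findings = @()

# 1. Day-to-day work should not happen in an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if ($principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    $findings += "Current session ($($identity.Name)) is running as Administrator."
}

# 2. Exactly one enabled, password-protected administrator account.
$localUsers = Get-WmiObject Win32_UserAccount -Filter "LocalAccount = True"
$adminNames = Get-LocalGroupMemberNames "Administrators"
$admins = @($localUsers | Where-Object { $adminNames -contains $_.Name })
foreach ($a in $admins) {
    # PasswordRequired is the account flag; it says nothing about strength.
    if (-not $a.Disabled -and -not $a.PasswordRequired) {
        $findings += "Administrator '$($a.Name)' does not require a password."
    }
}
$enabled = @($admins | Where-Object { -not $_.Disabled } | ForEach-Object { $_.Name })
if ($enabled.Count -gt 1) {
    $findings += "More than one enabled administrator: " + [string]::Join(", ", [string[]]$enabled)
}

# 3. Power Users sit between Limited User and Administrator; the post says Limited.
$powerUsers = Get-LocalGroupMemberNames "Power Users"
if ($powerUsers.Count -gt 0) {
    $findings += "Accounts still in Power Users: " + [string]::Join(", ", [string[]]$powerUsers)
}

if ($findings.Count -eq 0) { "OK: one administrator, everyone else a limited user." }
else { $findings | ForEach-Object { "WARNING: $_" } }
```

Run it once from the Administrator account to see the whole picture; run it again from a Limited User account and the first warning should disappear.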

Internet Explorer is one big juicy target for cyberthugs. Switching to another web browser such as Opera or Firefox lowers your profile and makes you less of a target.

If you run Windows, keep it updated. As vulnerabilities are found and exploited, Microsoft tosses out band-aids and patches. Install them. If you are really concerned about the vulnerabilities in Windows, or if you are still trucking along with Windows 98, consider Linux instead.

Run a firewall, or two. Keep them updated. Obtain effective anti-virus software and keep it updated. Scan regularly, and become proficient in the interpretation and use of your protection software. It does you no good if it's turned off or only half effective.

Realize that very little is free. Use anti-virus software to examine email attachments and website downloads before opening them. If you are in doubt, type the name of the program into Google and check the results for words such as "trojan," "spyware," "virus," or "malware." While viruses spread automatically, trojans require user input to install them. Resist the temptation to open and install programs on your hard drive that you have not previously researched and vetted.

If all else fails, copy your documents, or better yet, upload them to a secure cyberspace host for retrieval at a later date. Write down the password to the host. Dump your operating system, reinstall it, and learn from the experience. After all, it's only the internet.

Cybercriminals gearing up for Cyber Monday


2 Comments:

Anonymous said...

A suggestion beyond being careful and running an AV scan on suspect docs is to use a 'sandbox'. This is a typical strategy on *NIX servers to keep someone from exploiting an http server to get access to the whole operating system.

Any potential damage is limited to the 'sandbox' that the program operates in.

On Windows you can run userland programs such as browsers, or suspect downloads, sandboxed using an app called Sandboxie. Free for personal use.

http://www.sandboxie.com/

Non-affiliated. I just use it.

10:08 AM

Mikael said...

It took the retailer connected to a TeliaSonera daughter company, through which they got internet access, a whole 35 minutes before the lapse was noticed and they were disconnected again.

1:30 PM
