Poor Kenneth

Got this in my email today:

Hi,

Just writing to let you know our trip to Madrid, Spain has been a mess. We were having a great time until last night when we got mugged and lost all my cash,credit card cellphone It has been a scary experience, I was hit at the back of my neck with a club. Anyway, I’m still alive and that’s whats important. I’m financially strapped right now and need your help. I need you to loan me some $$, I’ll refund it to you as soon as i arrive home.Write me back so i can tell you how to get it to me.

Regards, Kenneth

This is quite sad. Poor Kenneth. Stuck in a foreign country, no cash, no credit cards, so he can’t get home. I should send him some money to help out.

Except I don’t know a Kenneth. Even if I did (and this scam sometimes is from a name you recognize), not a good practice to send money to someone without verification. Unless you don’t care if you ever see that money again.

These types of messages might come to you from you “cousin” or “granddaughter”, and might include information that seems valid. But it is a scam.

Be careful out there!

On-Line Banking Attacks

Reports in a couple places about some really sneaky attacks if you do on-line banking. The attacks will steal your credit card info (with your help), make unauthorized charges, then remove those charges from your on-line statements. Pretty clever, actually.

Here’s a couple of links about this: http://redtape.msnbc.msn.com/_news/2012/01/06/9986119-new-virus-raids-your-bank-account-but-you-wont-notice and http://nakedsecurity.sophos.com/2012/01/05/spyeye-bank-trojan-hides-its-fraud-footprint/ .

Your defense? Those four things we mentioned here http://cellarweb.com/securitydawg/?p=56 : Windows updates, application updates, anti-virus updates, not browsing as an administrator. Those would be a great start.

…and we’re back …

Not that anyone has noticed, but this place has been like <sound of crickets>. Let’s see if we can rectify that situation.

Changes in store for this place. The ‘look’ will be tweaked, so expect those changes. Content will appear more regularly, with any luck.

We’ll post things about computer security that catch our eyes. It might just be a short sentence with a link to someone else’s site. But more content, more often. At least, that’s our plan.

In the meantime, four things to do:

1) Install all Windows updates. Set it up to install automatically.

2) Update your antivirus regularly. At the very least, use Microsoft Security Essentials (at www.microsoft.com/protect ) . Good program, catches most problems, low footprint/effect on your system

3) Update your applications. I recommend Secunia PSI program. Go to www.secunia.com . It’s free, and will keep your applications current. That’s important, as more exploits are aiming for your programs, not the operating system.

4) When wanding around the Interwebs, log on with a limited (non-administrative account). That will help protect agains malware attacks.

Do these four things, and your computer will be protected from the most common problems.

More later … and, with any luck, more often.

Internet Still Working After Conficker "Threat"

Noticing that the Internet is still working after the big ‘Conficker attack on 4/1/09.

But there are lots of computers with the Conficker malware, as shown by this map http://www.confickerworkinggroup.org/wiki/pmwiki.php/ANY/InfectionDistribution from the Conficker Working Group.

That group also has a quick test for checking if you are infected is this Conficker “Eye Chart” http://www.confickerworkinggroup.org/infection_test/cfeyechart.html , which uses graphic images from web sites that are blocked by Conficker. A good quick test to see if you are infected with Conficker.

Conficker is still a threat, since there is no limit to what a bot-controlled computer could be told to do. The map shows that it is still widespread.

But the attention of the anti-malware community will minimize it’s impact, I think. Or at least the details of the next attack will be known.

Is Your Data Safe?

So…where is your data? And what is your backup plan? Is it like Ma.gnolias (a free site to store your web browsing bookmarks)? Who apparently didn’t have a backup plan, as the entire site was hosed by some unknown error (I suspect that their database got corrupted, and backups weren’t’ available). One place for the story here http://blog.wired.com/business/2009/01/magnolia-suffer.html .

Or, in these uncertain economic times, do you have a procedure that disables access when your network administrator is let go? Or are you like the folks at “Fannie Mae” (US govt housing mortgage agency), who told a contractor he was fired, but didn’t revoke his access? Seems that he was a bit miffed at the whole thing, so he put a logic bomb on their servers that would have deleted all their data on all servers. See here: http://www.theregister.co.uk/2009/01/29/fannie_mae_sabotage_averted/ ).

If your company may start downsizing, do you have proper access controls on your data? If you gave an employee two weeks’ notice, could they start deleting files? Or changing some spreadsheet formulas?

Something to think about for your personal data … and your company’s data. Could your company survive a disgruntled employee’s nefarious action on your data?

Looking at other "Free" File Transfer sites that aren’t really free

Some minor fine-tuning on the www.filehurl.com site (my absolutely free unlimited file transfers web site).

There was a comment in a previous post about using another site. So I was curious about it, and looked at the site and compared it to FileHurl.

The other site requires registration (FileHurl doesn’t). It does have free file transfers (like FileHurl), but limits the size of the free transfers (FileHurl has no size limit). It also limits the number of times you can use the “free” transfer (FileHurl has no such limit). It has some paid services that allow unlimited use and size (FileHurl is fully free, although you can voluntarily donate).

The other site may be a bit ‘prettier’. FileHurl is pretty simple. Click one button, fill in one simple form (four or five fields, plus a ‘Browse” button to select the file), and that’s it for sending the file notice.

The recipient gets a simple email with one link. One click for the link, one click to get the file, one click to save the file. That’s pretty simple.

And it is totally free and unlimited, unlike the other place. If you want to check it out, go ahead.

But I think that my FileHurl place is better. It certainly doesn’t have the limitations of other file transfer sites. I haven’t found any that are totally free like FileHurl (but will look at any alternatives that you mention).

Try it out. And let me know what you think. (And a mention on your web site or to places like “Digg” might be nice.)

How to Send Big Files via Email

Ever need to transfer a file to someone, but it was too big for sending via email? There are some sites that do that, but most have a one-time or monthly charge, especially if the files are large. Or they limit the size of the file.

That happens to me sometimes. So I decided to try to create my own file transfer web site. And I think that it is ready for my thousands of readers (well, maybe as many as five) to try out (and to recommend to others).

The concept is quite simple. You fill out a simple form with the email address of the person you want to receive a file. Type in a little message, use a browse button to find the file on your computer, then click one button to send it off. (We call it “Hurling a file”.)

The recipient gets an email message with a special and unique link, along with your message. Click on the link, then click one “Get the File” button to save the file to your computer.

And that’s it! You’ve sent your file to someone else, no size limits, no charges, and it’s simple enough for “Aunt Minnie” to use (at least, that’s our hope). We don’t save the email addresses, and the file is available for just seven days and then goes away.

It’s not a file sharing site, since you only get to send one file that you already own. And it can’t be a spam site, since you have to enter the email addresses manually. We’ve protected it against the evil guys as much as we can, and will monitor things to make sure that the site stays as safe as it can.

And, it’s all free. Although we do have a ‘donate’ button, and hope to get some simple advertising, to help defray expenses.

We (hmm…sounds like a ‘royal we’…) also put some social networking buttons at the bottom of the page to spread the word about the place. It’s a grand experiment, it will be interesting to see if anyone other than me actually goes there.

Oh. Where’s there ? We call it “FileHurl”, and it’s at www.filehurl.com . You’re invited to try it out…and send along any suggestions for improvement.

And tell a friend. The place might even be ready for the “Digg Effect”.

Firefox Vuln and DNS Changers

A newer spyware program targets only Firefox users, according to these articles. http://blog.trendmicro.com/cyber-crimainals-target-firefox-users/ (which includes links to technical information). Of course, one has to allow the initial infection to install.

It’s not clear how the initial infection gets to your computer. But once there, it puts hooks into Firefox to allow the spyware to watch and report on access to banking-type web sites. When such a site is accessed, the spyware grabs your login credentials and sends them off to the evil hacker. And that can’t be good.

Another evil is the DNS changer software that could live on the laptop next to you at the local coffee shop. When you connect to the coffee shop’s network, the evil laptop will intercept and change your DNS settings. That will allow the evil DNS server to intercept and redirect your access to a web site. Also not good.

Brian Krebs (Washington Post) has a write-up of it here http://voices.washingtonpost.com/securityfix/2008/12/a_scary_twist_in_malware_evil-.html . The trojan works by changing a registry value that changes the DNS server your browser accesses.

The trojan is another one that you have to decide to install, and is often disguised as a video ‘codec’ (add-on) that an evil site (often an ‘adult’ site) wants to install so you can view the videos. Could even be a site like www(dot)yuotube(dot)com (and no, that is not a typo).

A quick way to check if you have a DNSChanger problem is to try to browse to a known non-existant web site. Like www.this-is-not-really-a-good-domain-name.com . You should get a “Navigation cancelled” page. If you get anything else, then it’s time to start the cleanup process on your computer (and perhaps your router, since there are some DNSChanger attacks that try to hack into your router using known passwords).

Note that some ISPs redirect you to their search page if you type in a non-existent web site name, so this may not work for everyone.

Be careful out there!

USB Auto-Infection

One method of infecting a computer is through the use of AUTORUN.INF on a USB drive. This is a file that contains commands to automatically execute when the device is attached to a computer. If your computer is set to automatically execute that file, that setting can cause problems.

An example is when a USB picture frame device has malware on it, and it automatically runs the malware when the picture frame cable is connected to your computer. This happened last year, and there is some malware out there that will infect your computer. The US military has banned user-owned USB drives for this reason.

Most AV programs should be able to ‘catch’ the attempt at an installation of malware from an infected USB drive, since many of those infections are ‘known’ by a current AV program. You can also do a manual anti-virus scan of USB-attached drives.

You should be aware that there are more than just the USB “thumb drives” that might be a risk. There were many reports this year about infected devices such as photo frames that attach to your computer via USB. Those photo frames are a popular gifting item during the holidays.

Passing around infected USB thumb drives is a great way to do penetration of business systems. Some penetration testers have done that as part of their ‘war games’ against a business by dropping some infected USB thumb drives in the business parking lot or entrance area. (Of course, those war games were done with the permission of the business. You’d want to be careful about doing that yourself.)

Great social engineering way to get into a system….most people will plug the USB drive into their system out of curiosity.

There is a setting on your computer to disable auto-run via your Local Security Policy. On a Windows XP system: Use Start, Run, GPEDIT.msc . Then click down to “Computer Configuration”, then “Administrative Templates”, then “System”. In the right panel, double-click “Turn of AutoPlay“. Click on the “Enabled” button, and use the dropdown in “Turn off Autoplay on” to set it to “All drives”.

On a Vista system: use the “Start” button (the round Window icon), then type in “autoplay” and press Enter. That should get you to the “Control Panel, AutoPlay” dialog (which is another way to get there). In that screen, make the setting for “Software and Games” to “Take no action”. Also set the “Mixed content” choice to “Take no action”. (You could also set “Take No Action” on the other choices also if you want to be very conservative.)

Note that in a corporate/managed system, your network administrators may have already set this for you. If they haven’t, strongly encourage them to do so. This will cause CD’s to not auto-play, but that is a small price to pay.

Great Spam News

Are you getting less spam? A big spam host in CA was taken offline on Tuesday. One good source for the story is here http://www.washingtonpost.com/wp-dyn/content/article/2008/11/12/AR2008111200658.html , since Brian Krebs (the WP columnist) was one of guys responsible. The ‘co-location’ (a big web site hosting firm) looks to be responsible for up to 80% of the world’s spam, along with hosting other offensive sites (child pornography, etc).

As of Tuesday, their connection to the Internet was cut off.

As a result, the volume of spam being pumped out by all of those infected computers has gone down by 60% or more. At my office, we usually get about 800,000 messages a day; we block 92%+ as spam. Over the last 24 hours, that incoming volume has been reduced to about 250,000. Others are reporting the same reduction. (More details on Brian Kreb’s blog here: http://voices.washingtonpost.com/securityfix/2008/11/the_badness_that_was_mccolo.html

It will be interesting to see how long this reduction lasts.

In the meantime, working on another web site project, some updating of existing sites, and the other usual stuff.