Saturday, June 27, 2009

Farrah and Michael Spam

With the news of Farrah Fawcett and Michael Jackson's deaths on the same day this week, the spam campaigns that have followed are leading to people getting their PCs compromised. The criminal attackers out there love to take advantage of current events to spread their malicious software. It's a social engineering trick that preys on people's curiosity to know as much as they can about the events.

Along with these spam e-mail campaigns, you will also need to be VERY careful when going to web sites on the topic of these deaths. Malicious web sites have popped up, and the bad guys are using black hat search engine optimization (SEO) to raise their malicious sites' Google ranking so that their sites will come up in the top 10 web sites when you do a Google search. Only go to trusted sites if you want to read more information on these current events.

Stay safe and have a FABULOUS weekend.

Saturday, June 20, 2009

Twitter Followers Lead to Porn

Here is an example of Twitter and the dangers that lie waiting in the Twitter world. Twitter, if you don't know, is a micro blogging site where you can post what you are doing in 140 characters or less. People can then follow what you do. Well, since I'm in computer security, I follow several people in the field of computer security. I logged on Saturday night and noticed I had an additional follower. A closer look at this follower turned up interesting results.

First, here is the screen on Twitter showing who follows me. I see that this Ana Torres is following me. See the screen shot below.



So I clicked on the link on Ana's name. Here is what I saw.


Here you see that Ana states that if I want to see her pictures, I can click on the tinyurl listed above. So the curious guy that I am, I decided to check to see where that tinyurl led me to before actually going there. (Notice it says I must register first please, to see her pictures).

I did a preview of the tinyurl and found the true URL behind that tinyurl. I took that address and ran it through Trustedsource.org and found that the true web site behind the tinyurl is actually a porn site.


So be careful out there. Don't just click randomly on these URLs, trusting someone you do not know. In the next few days, Twitter will catch up with this follower of mine and they will be removed. So be aware that hot girls will not follow you if you are a computer security professional. LOL. Or any other type of Twitterer you are.

Have a great Sunday and stay safe.

Face to Face Computer Security Training

One of the things I enjoy about what I do is that I get to teach people about how to protect themselves from the dangers out there in the Internet world. Well I'm about to start a new program where I will have quarterly meetings where I live. It will be local and it gives you an opportunity to listen to the topic for the evening, then have a semi-short question and answer session afterwards. I say this because I've done these in the past and you can't seem to get to all the questions that want to be asked.

The inaugural topic will be "What would a criminal hacker want with my PC?". Click here to read a post I made back in 2008. A common question I get asked is why do people write these malicious programs that infect the majority of the population. The answer is easy. It is all financial. Just think of that famous line from the movie "Jerry Maguire". SHOW ME THE MONEY!!!!

So if you are local to the Topeka, Kansas area and would be interested in some great information, stay tuned. I'll be publishing more details in the coming weeks. I'll get it on the calendar and we'll see how this works.

Hope all are having a great weekend. Stay safe.

Thursday, June 18, 2009

How to Avoid Fake Anti-virus - DON'T CLICK


So have you been one who has been presented with a window that tells you that your PC is full of malware including worms, trojans, and keyloggers, OH MY!

This sometimes happens when you do web searches using Google and Yahoo. In other instances, you may browse to a web site and BAM! you get that same message about malware infestations on your PC.

This appears to be a message window but it is actually an Internet Explorer window. You should not click on any button or the X to close this window. In this specific case, the criminal attacker disabled the user from going to the Start Bar and right clicking on the IE window to close it. However, you can just bring up the Task Manager and under the Applications tab, close the Internet Explorer application from there. Any other clicking on this window will get your PC infected.


Stay safe out there and the weekend is almost upon us. Have a fabulous weekend!!

Social Networking Sites - Be Careful

Have you signed up on a social networking site? If you have, you've joined literally millions of others who are on FaceBook, MySpace, LinkedIn, and Twitter just to name a few. If you've signed up for any of these networks, you have probably wondered if there are security risks involved in participating in them. There are risks associated with them and they are all related in one way or another.

First, the one common thread in all social networking sites is that you can associate (network) with friends and family, or work associates, and share information with them. There is an inherent trust built in: if I allow you to be in my network, I trust that it is really you, and if you post anything, I'm assuming that it is you. Criminal hackers take advantage of this built-in trust. If they can steal the login credentials to your account, they can pose as you and send all the friends in your network a message with a link that leads to a malicious web site. If successful, your friend's PC will have malicious code installed on it, and this allows the criminal hacker to continue to take advantage of others as this process is repeated over and over with each friend who clicks on the malicious link.

Another risk of these social networking sites is what you actually post on these sites. One of the things you can do is share pictures with family and friends. You need to think twice before publishing certain pictures. One rule of thumb you should remember before you post anything on any web site is not to post anything that you don't want everyone to see. Even if you have posted a picture as "private", there have been instances in the past where the actual site you post pictures to had a vulnerability in its systems that allowed "private" pictures to be stolen.

When you sign up for these sites, you can fill out a profile of personal information, and you should limit what is available. For instance, you can add your birthday, and you may choose to only put the month and day and drop the year of your birthday. Your birth date is one personally identifiable piece of information used in many things, and you may want to exclude sharing the year of your birth. It is also a good idea not to post your phone number or your full address.

This one is specific to Twitter. First, what is Twitter? Twitter is a micro blogging system that allows you to share your status with anyone who follows you. These are called "tweets". These tweets are limited to 140 characters. Some folks who use Twitter like to share links to web sites that give you more information on a topic. Since links to web sites can be long, they use services that take a long web address and shorten it. There are services like Tiny URL that do this. Criminal attackers have hacked high profile accounts that include CNN, the Obama campaign, and celebrities such as Britney Spears. With control of these accounts, they can then abuse the trust issue mentioned earlier in this article and send out malicious links.

What can you do to protect yourself? Here are a few things.

  • Keep your home PC patched which includes Microsoft updates as well as Adobe, QuickTime, and iTunes, just to mention a few.
  • Think twice before posting any picture. A good rule of thumb is not to post anything that you wouldn't want everyone to see.
  • Limit what information you share in the profile section of social networking sites.
  • Trust no one. If a friend sends you a link, treat it like you have been trained with phishing e-mails. Don't click on unsolicited links.

Saturday, June 13, 2009

Criminal Attacker Blamed for Topeka Health Clinic Loss

I live in northeast Kansas. You read stories all the time of companies being the victims of some criminal attacker who is able to place a piece of malware on PCs and steal money. Well, the headlines read that a Topeka health clinic, Sisters of Charity Marian Clinic, filed charges of a loss of $100,000 from their bank account. It is sad to read things like these, but in my line of work, it doesn't surprise me. Click here to read the Topeka newspaper story.

I'm sure that computer security awareness was not a part of the clinic's budget. They probably didn't have much of a budget at all for that matter for computer security. This could have happened a couple of different ways. It could have been an e-mail that came in that had either malicious links or attachments that someone from the clinic clicked on. This would be my guess as to how this happened. Or, it could have been just casual browsing on a legitimate website that had been hacked and malicious code injected that redirected them to a site which attacked the computer.

This computer was probably not patched. Probably Adobe Reader was an older version, or Microsoft patches were not up to date. It doesn't matter what the vulnerable application was; it happened, and it sucks that an organization that does what the Sisters of Charity Marian Clinic does has to suffer such a loss.

Hopefully they can find out who was behind this, but the chances are, the responsible parties are located in a country where we have no way of getting to them. Possibly an Eastern European country like Romania, or possibly Russia, or China will be where they were located. Hopefully the clinic will take computer security much more seriously now. Knowing Topeka, there aren't a whole lot of options for the clinic to get the education they need, so they will probably turn to the Geek Squad (I really hope not).

I guess the lesson learned is that if you are doing financial transactions on a PC, you really need to make sure that patches are up to date, that the machine is scanned often, and that you don't rely on anti-virus alone. There are other options that will help protect these assets so things like this won't happen again.

Stay safe out there, and have a great rest of the weekend.

Tuesday, June 9, 2009

June's Patch Tuesday

It's patch Tuesday for all you Microsoft users. That accounts for most computer users. If you don't have your computer set to download your patches automatically, you ought to go do that right now. This month is a busy Patch Tuesday. Also today is the start of Adobe pushing out regular updates to their software. We'll see how this goes. Adobe has a horrible reputation at this point when it comes to having vulnerable software (Adobe Reader, Acrobat, etc.) that the bad guys are using regularly. Hopefully this is a start to making a bad situation better.

Have a great week!

Saturday, June 6, 2009

Lessons Learned - Do Not Share Passwords

Passwords are an amazing thing. They are the key to many things in our lives. To our bank accounts, retirement accounts, e-mail, FaceBook, LinkedIn, and Twitter just to name a few. Today I have a story about my son and his ex-girlfriend, who just so happened to know the passwords to his Gmail account and his FaceBook account. I didn't ask, but I'm assuming that they were probably the same.

Lessons Learned

  • Don't share passwords with anyone!
  • Don't use the same password for multiple accounts.
  • Don't rely on FaceBook to respond too quickly. Hacked accounts are common.

Today our lives are out there on the Internet with all the social networks. When accounts can be taken over by someone, things can start to go wrong quickly. Sometimes hackers take control of these accounts when they are able to compromise your PC due to you not keeping your PC software up to date. Or worse, it is someone you knew and loved but have now parted ways with. Sometimes not on the best of terms. That is when things can turn bad quickly. So to protect yourself, my recommendation is not to share these passwords at all. Don't re-use the same password. Once a hacker steals your login credentials, they probably have many more of your accounts, because if you are like most, you use the same user ID and password for multiple accounts.

OK, well have a super fabulous Saturday night and to the rest of the weekend also. Stay safe out there.

Wednesday, June 3, 2009

Trust No One - A Twitter Example

I don't hide the fact that I'm a Kansas University Jayhawk fan. I read an article from the Lawrence Journal World about someone purporting to be Xavier Henry who opened a Twitter account. Last weekend, whoever this person was posted a tweet saying that Carl Henry said something about having second thoughts about Xavier and CJ Henry coming to KU next year.

Well, father Carl contacted rivals.com and confirmed that both Xavier and CJ were enrolled at KU and will be attending KU in the Fall. Of course some took this to be gospel, and so the Henrys are probably not big Twitter fans.

This should be a lesson about social networking sites like Twitter, FaceBook, etc.: you really don't know who is behind those accounts. Take my advice, trust no one.

Be careful out there and stay safe.