Archive for the ‘Home Computer’ Category

Last month, we wrote about scareware and hackers using fake update notices. In the past few days, we’ve seen a sudden increase in one of these attacks coming from one of the former Soviet republics. This group is exploiting a "DNS hole" to hijack visitors who are attempting to visit legitimate websites (such as a hotel in a common vacation destination like Hilton Head). The hacker redirects the victim to the hacker’s virus-infected website, which then automatically loads a virus onto the victim’s computer. From what we’ve seen so far, this virus first disables your existing anti-virus program, then slows down your machine and finally starts to present you with a false warning that your computer is badly infected with viruses and needs to run AntiVirusXP2008 to clean it up (for only $50, which they want you to send to them in Russia). The warning message lists hundreds of "infected" files on your machine. Many of those files are, in fact, on your machine but are legitimate files needed by the operating system.

At home, fix your firewall, update your antivirus and patches and practice safe surfing. If Google or Yahoo (or your existing antivirus program) gives you a warning that you are about to go to a site that might contain malicious code, heed the warning. Do not override it just because you think that you’re going to a "safe" site like the hotel.

At work, shut your computer off every day. (Your IT department probably pushes updates to your computer’s defenses every day but many of those updates can’t take effect until you restart your computer. If you leave your computer on for an extended period, you will be missing those critical updates.) And, of course, practice safe surfing.

If you get one of these pop-up warnings, never allow it to scan your computer. If you think you might have triggered one of these scams, call IT.

Most people surf the web and chat online thinking that they are hidden behind the anonymity of the computer screen. Few people realize that they are leaving footprints all over the web anytime they go online. Here are some of the things that are automatically sent to the website’s computer whenever you visit the site:

  • Your IP address – Every computer on the internet is assigned a specific, unique IP (internet protocol) address. That IP address can’t be easily traced to a name directly except by your internet service provider but it can be correlated with your other online activity. So if you disclose your name in a blog or when writing a book review, someone might be able to trace that back and match it to your other internet habits. You can look up your current IP address at showmyip.com.
  • Your computer’s software load – Many websites want to know what web browser you are using (including which version). Legitimate sites use this information to adjust for differences between the way browsers display the webpage. A page that looks fine on Internet Explorer may not display properly through Mozilla’s Firefox so the website developer adds code to tweak the display based on your browser. Unfortunately, the information sent to the website does not end with the browser. They may also be able to read your operating system and other details.
  • Your page visit history – The website can often track which pages you visited, how long you stayed on a given page and where you were just before you came to the website. (This is often helpful for companies who want to know if you came to the site from a search engine and if their advertising dollars are being well-spent.)
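The three items above correspond to fields that a web server records for every request. As an added example (not from the original post), the following parses two constructed access-log lines in the widely used "combined" format and rebuilds what the site learns about one visitor; the IP address, site name, paths and the small browser/OS lookup tables are assumptions for illustration.

```python
import re
from datetime import datetime
from urllib.parse import urlparse, parse_qs

# Web-server "combined" access-log format: IP, time, request, Referer, User-Agent
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?:GET|POST) (?P<path>\S+) [^"]*" '
                  r'\d{3} \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"')
BROWSERS = [("MSIE", "Internet Explorer"), ("Firefox", "Firefox")]
SYSTEMS = [("Windows NT 5.1", "Windows XP"), ("Windows NT 6.0", "Windows Vista"),
           ("Mac OS X", "Mac OS X")]

def _match(table, ua):
    return next((name for token, name in table if token in ua), "unknown")

def profile_visitors(lines):
    """Build, per client IP, what a site learns about each visitor."""
    visitors = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        v = visitors.setdefault(m["ip"], {
            "browser": _match(BROWSERS, m["ua"]),
            "os": _match(SYSTEMS, m["ua"]),
            "came_from": None, "search_terms": None, "pages": []})
        ref = urlparse(m["ref"])
        # On the first request, the Referer shows where the visitor came from
        if not v["pages"] and ref.netloc:
            v["came_from"] = ref.netloc
            v["search_terms"] = parse_qs(ref.query).get("q", [None])[0]
        if v["pages"]:  # time on the previous page = gap between requests
            prev = v["pages"][-1]
            prev["seconds"] = int((ts - prev["at"]).total_seconds())
        v["pages"].append({"path": m["path"], "at": ts, "seconds": None})
    return visitors

# Constructed sample log (documentation IP range, made-up site and paths)
SAMPLE = [
    '203.0.113.7 - - [12/Aug/2008:09:14:02 -0400] "GET /rooms.html HTTP/1.1" 200 5120 '
    '"http://www.google.com/search?q=hilton+head+hotel" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"',
    '203.0.113.7 - - [12/Aug/2008:09:15:32 -0400] "GET /rates.html HTTP/1.1" 200 2048 '
    '"http://hotel.example/rooms.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"',
]

if __name__ == "__main__":
    for ip, v in profile_visitors(SAMPLE).items():
        print(ip, v["browser"], v["os"], v["came_from"], v["search_terms"],
              [(p["path"], p["seconds"]) for p in v["pages"]])
```

The last page in a visit has no measurable time because no later request follows it.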

If a web site uses cookies, they can collect even more information. The information they can collect about your browsing habits is limited only by their own privacy policy.

On the other hand, if the site you’re visiting is malicious, all bets are off. Your privacy is completely dependent on the strength of your antivirus/antispyware programs and how up-to-date you keep your patches. Hackers at these sorts of sites can use all sorts of techniques to either steal information or trick you into revealing more than you intended. They will try to steal passwords (knowing that many people reuse the same password and that, by compromising this password, they have a very good guess at your online bank or work password), load viruses and may even attempt to alter the security settings on your computer so that they can access and use your computer for other malicious activity.

You can reduce the amount of information revealed about yourself by only visiting legitimate sites, checking privacy policies and paying careful attention to the personal information you provide. Don’t post your address, password, or credit card information unless you trust the site. Look for indications that the site uses SSL to encrypt your information. Limit what cookies you allow and be careful which web sites you visit; if it seems suspicious, leave the site.

And, of course, always keep your antivirus software up-to-date and your computer fully patched.

Have you ever seen a "free" offer to scan your computer for security vulnerabilities? The most common one that I get is a pop-up ad that reads "Your computer may be infected with harmful spyware programs. Immediate removal may be required. To scan, click ‘Yes’ below." It looks like a great idea. You’re offering to test my machine for free so I know what, if anything, needs fixing. Doctors, mechanics, even the lawn guy offer that kind of free screening as a legitimate way to build a relationship with new customers.

Unfortunately, most if not all of these computer scanning offers are scams. They are rogue programs that will always report something that needs to be fixed or cleaned whether the flaw is real or not. They are designed to scare you into believing that there is something terribly wrong with your computer that only their software can fix.

Examples that attack Windows computers include SpySheriff, WinFixer, IEDefender and Cleanator. Interestingly, Mac users ran into this problem for the first time in January with a product called MacSweeper. MacSweeper is so “thorough” that it even finds flaws when it’s run against a PC – flaws that can only exist on a Mac.

Most of these are simple attempts to con you out of money or credit card numbers. Some are more malicious and will load spyware onto the computer or even disable your existing antivirus programs.

Never run software from unknown sources. If you do suspect that your computer may be vulnerable, use your own anti-virus and anti-spyware software. Don’t trust that “free” offer.

Note: The word “scareware” also includes more harmless pranks such as the program that pops up and says “Erase everything on hard drive?” with two buttons labeled “OK” and “OK”. (Nothing is actually deleted in this prank.) Just ignore those pranks.


Your web browser is your primary connection to the Internet, either by reading web pages directly or through applications that use your browser to function. How you set the security makes a great deal of difference for your computer’s safety.

Those security settings will also affect the functionality of some web sites. Web page writers try to improve your experience by enabling different features. Sometimes they’re nice but they leave your computer more vulnerable to attack. In fact, a common hacker trick is to set up an "innocent" website with attractive content but which will not work correctly unless you reduce your security settings, exposing you to the hacker’s malicious content on other links. The safest policy is to disable those optional features until you decide that it’s necessary and that the website is trustworthy. (In most cases, you can enable the feature temporarily.)

Note: Your IT department should control the settings for your work computer. Make sure that they have the security controls locked down so users cannot accidentally expose their computer to unacceptable risks. If you use Internet Explorer, you can find the security settings by clicking Tools/Internet Options/Security. (Firefox and other browsers generally use similar paths.) If the security is properly locked down, you should be able to see but not change the settings.

Internet Explorer uses the concept of "zones" and lets you set the security level differently depending on where you are browsing. For most of us, the most important zone is "internet". This is the general zone for all public websites and is the default used when the browser doesn’t have different instructions. This should be set as high as possible but never below "medium".

The "local intranet" zone is usually used for internal content. Since your own company developed the pages, it’s usually safer to use a slightly lower level of security as long as there is a business reason to do so. "Trusted sites" are those that you have decided are well-designed and use good security practices. Our work computers have certain trusted business partners pre-loaded in this zone. I have none in my personal computer at home.

"Restricted sites" are those that you think might not be safe and that deserve the highest level of caution. Frankly, if you’re that suspicious, you’re probably not surfing there anyway. But it can be helpful to mark those sites because it will provide an extra layer of protection if your computer is calling those domains for "hidden" content like ads and pop-ups.

Your browser also has some security settings related to JavaScript, ActiveX controls and Plug-ins. You should only allow them if you are at a trusted site. See the tip on Active Content for suggestions on those controls.

You should disable cookies except for sites that you trust that require them. Add those manually to the browser’s "allowed" list. Definitely block pop-ups but remember that it will break some websites. You can always allow the pop-ups on a case-by-case basis.

In general, always set your security for the highest level possible. Then lower the security only when a page fails to work properly and only as far as you need to or for as long as you need to. Once you’ve set the controls properly, it’s not that much work to maintain. But it is a vital part of the protection of your computer and your confidential information.

Spyware is Internet jargon for advertising-supported software. This type of software often automatically installs itself on your computer without your knowledge in order to collect your personal information and provide it to a website or advertiser. Spyware is hidden in the background and keeps track of your web browsing, what information you enter into forms and even the configuration of your hardware and software. The company receiving this information may use it directly or, more likely, will sell this information about you. Based on this information, you may begin to see incessant pop-up ads, giving the false impression that the Web page being viewed is responsible for the constant annoyances.

Spyware is usually hidden in or behind an application that you want to use (such as a music player). When you install the software, the spyware application also installs itself.

In addition to the annoyances of increased spam and advertising, the spyware application ties up valuable computing power and can eventually make your computer run slower. It can create conflicts with other software on your machine, causing programs to lock up or causing your machine to crash. It can even be abused by hackers to steal your password or to take control of your computer.

If you load software from the Internet, read the license agreement carefully. Some companies actually disclose that they will install an application onto your computer and may allow you the option to "opt-out". For example, RealJukebox has the ability to track how you use the program, including the number of recorded songs on the computer, the format that songs are recorded in, the user’s musical preferences, the quality level of the recordings, and the type of portable player connected to the computer.

You can use specialized software to find and disable spyware applications and to protect your computer. Two of the better-known freeware applications are SpyBot Search and Destroy and Ad-Aware. Whatever anti-spyware solution you pick, be sure to keep it updated and run it regularly.

Be sure to read all "End User License Agreements" very carefully and make sure you understand what is actually going to be installed on your home computer.