Friday, December 21, 2007

The 5-Step Safe Computing Program

There are five basic steps you can take to secure your computer. While your computer at work may be protected, your home computer or laptop may need to have this protection.

And these practices are not just for Windows computers. They apply to any computer. Pass them along to others.

Step 1 - Install and Use a Firewall

A firewall protects your computer like your fireplace screen protects your home from fire-causing sparks. Without a firewall, your computer is easily attacked and controlled. If your computer is connected to the Internet without a firewall, you can expect to be attacked within 30 minutes, even on a dial-up connection.

If an attacker gains control of your computer, they can do anything to your computer. They can steal your information, your checkbook files, your bank login name and password, credit card numbers, etc. They can turn your computer into a mail spamming machine. They can use your computer to store offensive (adult) files. They can store other illegal information on your computer. And you could be liable for that use of your computer.

A firewall helps prevent the hacker or criminal from controlling or accessing your computer.

If you have Windows XP, enable the XP Firewall. Or install another firewall program. More information is available at Microsoft's Security site (www.microsoft.com/protect).

Test your firewall with the ShieldsUp! program from Gibson Research here: http://www.grc.com/default.htm. Scroll down to click on the ShieldsUp! link, then run a 'Common Ports' scan. The results should be "Stealth" or "Closed". Any "Open" results are a risk.

Step 2 - Use and Update Anti-Virus and Anti-Spyware Software

If you don't have current anti-virus software, it's easy for a virus to get into your system. That virus can delete files, or give the hacker control over your computer, even if you have a firewall in place.

And you must keep the anti-virus software current with regular updates. Daily checking for updates is a best practice. Updates can happen at any time, and your computer needs them to be protected against known viruses.

Options for anti-spyware programs to use at home are Microsoft Defender (www.microsoft.com/protect), Ad-Aware (www.lavasoft.de/ms/index.htm), or Spybot Search & Destroy (www.spybot.com/en/index.html). All are free.

Make it a weekly practice to use your anti-spyware program (make sure to install the latest updates before your scan).

Step 3 - Use Secure and Original Passwords

Passwords are a reality of using a computer. You have to have them, and they have to be unique. Passwords are the key to your information. Assume that someone is continually trying to 'pick' your computer locks. Change your passwords often.

Step 4 - Keep Your Programs and Windows Current

If you don't install current operating system (Windows) or applications (like Microsoft Office) patches, then your computer is at risk. Configure your computer for automatic updates of the operating system.

Check with the vendor of your software for updates (some programs have an 'update' choice on their 'Help' menu). Check for updates on a regular basis. The Windows XP Service Pack 2 is especially important to install.

Step 5 - Practice 'Safe Computing'

Most viruses try to enter your computer via a program attached to an email message. They will often appear to come from people or places you know. Never open an attachment that you didn't expect to receive. If you get an expected attachment, use the "Save" function to save it to your "My Documents" or other folder. That lets your anti-virus software (which you are keeping current, right?) check the file for a virus.

Be very careful about using file sharing programs, or instant messaging. Viruses and computer 'worms' often arrive via those programs. If you must use file sharing programs, be very careful about the folders that you share. If you are not careful, you can easily share everything on your computer.

Watch out for "phishing" -- attempts to trick you into sending out your confidential information. Never respond to an email that asks for credit card or banking or personal information, even if the message looks authentic.

Be careful about installing a program on your computer, especially downloaded programs, or programs accessed via a pop-up box while 'surfing the net'. Consider using an 'anti-spyware' program at home (see above). Use this type of program to remove any spyware that might be on your computer.

Your Next Step

Yes, there is a sixth step of our five-step Safe Computing Program.

At work, ask your computer support staff for the proper protection of your work computer.

At home, you should start your protection at the Microsoft Security web site (www.microsoft.com/protect). You'll find information on firewalls, virus protection, Windows updates, and more.

Following the recommendations there will help ensure that your computer is safe from attacks and damage.

Tuesday, December 18, 2007

Targeted Malware for Financial Fraud

Malware is getting smarter, and is more targeted. The attacker's goal is two-fold, in many cases. First, get the target (that's you) to install trojan software that will turn your computer into a remotely-controlled 'bot'. Then install software that allows access to your financial information, so they can get your money.

The first is done via email messages with links, or web pages exploiting vulnerabilities. These are often highly targeted ('spear phishing') so that the message includes your name, bank name, and other information you would normally see only in a message from your bank.

The result is your computer is now remotely controlled -- a 'bot'.

Once you have been botted, the botnet's owner (the Command and Control Center (C&CC)) can send your computer instructions. Those instructions may be to download and install additional software, ranging from software for financial gain (sending clicks to advertising sites to get 'click revenue') to keystroke loggers.

Consider this example. The attacker sends an email to a few million people that gets them to go to a web site of some sort. You get the email, and click on the link out of curiosity. The web site exploits a recent vulnerability to install 'bot' software on your computer.

The bot then reports the infection to its owner (the C&CC), and asks for further instructions.

The C&CC sends back commands to download and install additional software, perhaps a keystroke logger that is looking for financial transactions done over the Internet. The keystroke logger sends to the C&CC your banking information (account number, user name, password, bank name, etc).

That data is then analyzed by the C&CC, which sends back some instructions that are specific to your bank site. These are keystrokes that exactly simulate your interaction with the bank site for wire transfers, bill paying, etc.

The instructions are very specific. The keystrokes are the exact same keystrokes (and clicks) you would use as you fill in a bank form to do a wire transfer. Since they are the exact keystrokes, there is a good chance that the bogus transfer will avoid the bank's fraud alerts.

And your money will flow into the bot owner's bank accounts.

In a matter of seconds.

The folks at SecureWorks have seen this process work. In a June 25th 2007 report (http://www.secureworks.com/research/threats/prgtrojan/), they report that the group has data from over 10,000 victims - corporate and home users. The data contains "bank and credit card account numbers, credit union account numbers, Social Security Numbers, online payment accounts, and username and passwords (including popular challenge/authentication responses such as a user's mother's maiden name)."

SecureWorks has a follow-up report (Dec 12, 2007) here: http://www.secureworks.com/research/threats/bankingprg/

Your protection? There's the usual "safe computing practices": be very wary of links in emails (even if you think you know the sender), keep all software updated (not just the operating system), keep your anti-virus program current, and closely monitor your financial transactions.

Be careful out there...you are likely to be eaten by a grue.

Monday, December 17, 2007

The Botnet Eight Indictments and Convictions

The FBI announced last month the indictments or convictions of eight people accused of using botnets for electronic criminal activity.

There wasn't much detail in the initial news reports, but the folks at Infoworld came up with a bit more detail on the activities of each person. Interesting reading.

Here's the link: http://www.infoworld.com/article/07/12/17/50FE-busted-botmen_1.html?source=NLC-SEC&cgd=2007-12-17

Monday, December 10, 2007

Recovery from a Virus or Spyware-Adware Infection and Protection Against Future Problems

The best way to recover from a known malware infection is to "nuke and install": back up your data, reinstall Windows by reformatting your drive or using the "Restore CD" you got with the computer, then reinstall all applications. But that can be difficult, not to mention the work of reinstalling all your programs and restoring your data files.

So, here's an alternative. It may take a bit longer, but might be helpful.
Print these instructions first.

1. Back up your data files. If you have a CD writer, copy all your "My Documents" files onto CD (it may take more than one). An alternative is to copy all the files to a USB hard disk, or a bunch of "thumb drives". Since we aren't doing a "nuke and install", this is just a safety measure.

2. Install all critical Microsoft updates. Go to http://www.microsoft.com/protect, and follow the prompts to install all updates. If prompted to install the Microsoft Updates, do it. If you have to restart your computer, come back and repeat this step, and keep repeating it until there are no more critical Microsoft Updates to install.

3. At the same site, download and install Microsoft Windows Defender (you should be able to find it via the above link). Then do a full system scan, and remove any nasties that are found.

4. Update/Scan for Viruses. If you have an anti-virus program, get the current updates. You can usually find them by right-clicking the AV program's icon on the task bar, and selecting "Update Now" or something similar. After installing the current updates, start up the anti-virus program and do a full scan of your hard disk. If any infected files are found, delete them (if any of those infected files were in your "My Documents" folder, make a note so you can delete them from your backup copies). Only run one anti-virus program; don't try to run two of them at the same time. They usually don't play well together. Pick the one you want to use, and uninstall the other one before you install the one you like. If you can't purchase a commercial anti-virus program, there are some free ones. They might not be as easy to use, but you must have an anti-virus program running. (And you must keep it current.)

5. Although Windows Defender will protect you from spyware/adware, download/install/run two additional anti-spyware programs: Lavasoft Ad-Aware and Spybot Search & Destroy. Update each program's definitions first. Then run a complete system scan with both programs. Delete/remove/quarantine all nasties found with those programs. Although 'cookies' are usually benign, you might also want to delete those, since your malware may also be using cookies.

6. At this point, you should be fairly safe. Just to make sure, do these steps again:
- Microsoft Updates
- Windows Defender full scan
- Anti-virus program full scan
- Spybot Search and Destroy full scan
- Ad-Aware full scan

7. As a final check, go to the HijackThis! pages. Trend Micro bought the HijackThis program, but it's still free (as are the support forums). Start here: http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php?page=quick_start_guide

Follow their instructions carefully. Do each step in the "Preparations Before Posting" section, even if you already did them once. They will repeat many of the above steps, and then ask you to send them the results of running the HijackThis! program. When you post those results in a message on their forum, enable the checkbox that will alert you to a response. You'll get some email from the forum helpers telling you what to do next. Follow their instructions carefully.

Although the HijackThis! program is at the above site, the free support forums are here: http://www.bleepingcomputer.com/forums/forum22.html. You might start on that forum page first; it's got a tutorial on how to run the program and post the results in the forum.

At this point, your system will be fairly safe, at least until you forget to follow the "Safe Computing" practices. Now it's your responsibility to make sure that you stay safe. Start here for more info: http://forums.spywareinfo.com/index.php?showtopic=60955

Thursday, December 6, 2007

Three Simple Steps to Protect Your Laptop

A laptop is a portable thing...easy to carry...but also easy to lose. The physical laptop is easy to replace (assuming you have the $$ to replace it).

How much is your data worth? All those family pictures. The tunes. The documents. How much time would it take to recreate all of that? Or would you be able to?

"Best practices" would be to make sure that your data is safe. This is even more important when you have a laptop (or carry around a USB hard drive). And it doesn't matter what operating system you use.

Here are three things to do:

1) Encrypt your data. If the data is lost, it won't be accessible.
2) Use a Power On password, along with a login password. And make it one that is not easily guessable. Although a login password can be 'cracked', the power-on password is harder to crack (not impossible, just harder).
3) Back up your data. Copy your "My Documents" folder to a CD/DVD or an external hard drive that you leave at home. Keep that backup copy in a separate secure area.
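Step 3 only helps if the copy you left at home is actually intact when you need it. The following Python script is an added example, not code from the original post: it copies a folder, records a SHA-256 hash of every file in a manifest, and later re-checks the copy so that a missing or silently corrupted file is reported instead of discovered the day the laptop is gone. The function names, the MANIFEST.sha256 file name and the sample "My Documents" files are assumptions made for this illustration.

```python
"""Verifiable backup of a folder: copy it, record the SHA-256 of every
file, and later prove the copy still matches the manifest.

Added example (not from the original post). Function names, the manifest
file name and the sample files are constructed for this illustration.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path

MANIFEST_NAME = "MANIFEST.sha256"   # assumed name; our own convention


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large photos/videos need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src: Path, dest: Path) -> dict:
    """Copy src into dest and write a manifest mapping relative path -> hash."""
    src, dest = Path(src), Path(dest)
    if dest.exists():
        raise FileExistsError(f"refusing to overwrite existing backup at {dest}")
    shutil.copytree(src, dest)
    manifest = {}
    for p in sorted(dest.rglob("*")):
        if p.is_file():
            rel = p.relative_to(dest).as_posix()
            manifest[rel] = sha256_of(p)
    # Written after hashing, so the manifest never lists itself.
    with (dest / MANIFEST_NAME).open("w", encoding="utf-8") as f:
        for rel, digest in manifest.items():
            f.write(f"{digest}  {rel}\n")
    return manifest


def verify_backup(dest: Path) -> dict:
    """Re-hash the backup and return problems as {relative path: reason}.

    An empty dict means every file listed in the manifest is present and intact.
    """
    dest = Path(dest)
    problems = {}
    with (dest / MANIFEST_NAME).open(encoding="utf-8") as f:
        for line in f:
            digest, rel = line.rstrip("\n").split("  ", 1)
            p = dest / rel
            if not p.is_file():
                problems[rel] = "missing"
            elif sha256_of(p) != digest:
                problems[rel] = "hash mismatch"
    return problems


def demo() -> tuple:
    """Build a tiny constructed 'My Documents' tree, back it up, verify it,
    then damage one copied file to show the check catches silent corruption."""
    root = Path(tempfile.mkdtemp())
    docs = root / "My Documents"
    (docs / "photos").mkdir(parents=True)
    (docs / "letter.txt").write_text("Dear Grandma, ...\n")          # constructed sample
    (docs / "photos" / "cat.jpg").write_bytes(bytes(range(256)))      # constructed sample

    backup = root / "backup"
    make_backup(docs, backup)
    clean = verify_backup(backup)                      # {} : copy is intact
    (backup / "photos" / "cat.jpg").write_bytes(b"bit rot")
    damaged = verify_backup(backup)                    # {'photos/cat.jpg': 'hash mismatch'}
    shutil.rmtree(root)
    return clean, damaged


if __name__ == "__main__":
    print(demo())
```

Run `verify_backup` on the external drive each time you bring it out, before you overwrite it with a fresh copy; a backup that fails the check should not be the one you then trust. Encrypting the copy, as step 1 recommends for the laptop itself, is a separate step this script does not perform.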

These are not absolute protections, since each could be defeated with some effort. Encrypting the data is probably the most important (to prevent access if your computer is stolen). Backing up is next in importance. Power-on and login passwords will help prevent access to your data.

You might also want to consider changing the 'boot order' on your computer so that it just boots from the hard disk. Many systems by default will boot from floppy or CD first. I can put a bootable CD in your computer, and run a program that will grab your login passwords.

But with a strong power-on password, a boot order that only allows booting from the hard disk, and encrypted data, I've got some fairly strong protection.

And if the laptop goes away, my backup copies have protected my data.

Don't just think about physical protection of your laptop (or PDA, or USB stick, or...). Protecting the data from loss is also important.

Monday, December 3, 2007

Second Life Attack on Linden Dollars

I don't play games. Don't do virtual worlds. Don't even have a game console. (Which might make you wonder what kind of geek I am.) I'm more of a couch potato kind of guy, but often surfing the net with the laptop while watching TV. (In fact, right now it's "Monday Night Football".)

But the virtual world could be as dangerous as the real world when it comes to malware.

There is this Apple QuickTime vulnerability that allows the evil hacker to install malware (such as a keystroke logger) if you just view an infected video.

Now add that to the ability in "Second Life" to embed a video in a game object. The result, according to reports, is malware that will drain your "Linden Dollars" (Second Life's currency). And Linden Dollars have some real value.

Brian Krebs of the Washington Post describes it here: http://blog.washingtonpost.com/securityfix/2007/12/new_warnings_on_unpatched_quic.html

He reports "According to Linden Labs, nearly $1.4 million was exchanged between Second Life users over the past 24 hours".

Be careful out there. Patch early and often.