Sunday, September 23, 2007

Internet Security Tip:

I am a network security engineer. I love my job as it provides me new challenges every day and it is pretty rewarding for me. I love puzzles and I get plenty! My job has made me fairly paranoid too. This week I ran across something that you should know about. If you think that your security tools, like anti-virus, are protecting you, you could be very wrong. I found a website this week, a legitimate church site, that had been hacked. The thing was that no one knew it. It was hacked and altered but not in a way anyone would notice. All the pages had a javascript appended to them. You could not see it, but it ran every time you went to the site. It was a trojan and your anti-virus programs would not have stopped it. Why? Because there were no signatures for it. Malware authors can obfuscate most code, and often in an automated way, so that Anti-virus vendors cannot keep up. Sometimes you could get a different version of the trojan every visit to the website, as that trojan is modified on the fly. The major anti-virus vendors did not recognize the trojan, nor did they stop the follow on programs, such as a key logger. The key logger waits until you go to a bank website, then it sends your credentials back to the criminal. The criminal may then empty your account, or sell your accout for $400-$1000 US cash. Hacking is a lucrative underground business. What used to be for fun is now for profit, and the payoff is huge.

How do you stop this? Well, you are not going to like the answer. YOU are the only way to prevent this. That is right, YOU are the answer. The first thing to do is to make yourself two accounts. One account is for everyday use. This account cannot install programs, or make system changes, etc. If you run malware as this user, the malware cannot do much of anything with the system, if anything at all. The interesting thing is that neither can you. If you want to install new software or make system changes you will need to login with your other, administrator account. Once you are done, log out and log back in with the normal unprivileged account. This is a pain, but it goes a long way to making sure your system stays yours, and that your personal or financial information is not stolen.

Just because some website says you need a plugin, do not install it. Plugins are hackins. Plugins often do not update themselves or even notify you of issues. If you are browsing with admin privileges and you have plugins, then hackers that hit those plugins will get administrator level access to your system.

More later...I'm going to bed. Volleyball kicked my ass tonight.



  1. This sounds like it would affect both PC and Mac users?

  2. Dawn,
    There is some possibility, but the focus is really on Windows systems. There have been a few cross-platform java and other threats that could affect MAC or Linux users, but mostly just Windows. For the most part MAC users are fairly safe at the moment, but the measures to keep yourself that way are the same as what I suggest for Windows users. Since MAC is based somewhat on FressBSD (a unix variant) then I would say that it is already set up along these lines since Unix folks have been doing this for years.

    Mac users are not exempt from attack though and safe net practices such as watching where you go and what you install still apply. Anything you install can and will be used against you. :-) Since plugins are largely cross platform too, some of the same vulnerabilities apply. Also, make sure you keep your system patched and your software packages patched. It might be a good idea once a week to go out and manually check for updates for those applications that do not do it automatically.

    Cheers! Practice safe net!


I will not accept advertising in the body of comments. If you leave links to spam, goods, or services it will be deleted. If you embed HTML it will be deleted. For any number of other reasons I may delete the comment. I do this for the safety and well being of the readers of the blog.