Categories
General

California looks to fight cybercrime

In August, the state of California created the nation’s largest e-crime unit, “a group of 20 investigators and prosecutors whose sole mission will be to thwart and prosecute cybercrimes like identity theft, Internet scams, computer theft, online child pornography and intellectual property theft across the state.” (source)

While this all sounds fantastic, I strongly doubt a team of 20 investigators can handle the amount of fraud, identity theft, and even a category as broad as Internet scams, which includes malicious software. I wonder how closely this e-crime unit will work with reputable companies in the security industry to help find these criminals.

Categories
Security

Mysterious case of the executable hijack

I got a message from my friend Paul today asking for help with an infection. He was using the latest version of Firefox at the time and was positive he did not click on any odd links or download anything malicious. Naturally, I advised him to run Malwarebytes Anti-Malware and had him send me the log. One specific entry popped out at me.

Memory Processes Infected:
c:\Users\Paul\AppData\Local\ojx.exe (Trojan.ExeShell.Gen) -> 3508 -> No action taken.

I picked up the phone and called Bruce Harrison, our VP of Research, and asked for an explanation. The result shocked me. I was told that this was an executable hijack that is used with FakeAlert, a Trojan we see almost daily in our research center.

What exactly does that mean? Well, when the infection is able to penetrate your computer, it hijacks all executables to run the malicious file instead of their intended targets. For example, you try to open Skype and the malicious file starts instead.

It does this in two ways. First, it modifies each shortcut itself to point to the malware. Secondly, it modifies the .exe shell in the registry so that once again instead of starting the correct executable, it starts the malicious file.
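A read-only check for the two changes described above, as an added example that is not part of the original post. The expected registry values are the Windows defaults; the function names and the threshold of three shortcuts sharing one target are assumptions made for illustration.

```powershell
# Added example: read-only checks, nothing on the system is modified.
$ExpectedProgId  = 'exefile'   # Windows default ProgID for .exe
$ExpectedCommand = '"%1" %*'   # Windows default open command for exefile

function Get-DefaultValue([string]$Path) {
    # (Default) value of a registry key, or $null when the key does not exist.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    (Get-Item -LiteralPath $Path).GetValue('')
}

function Test-ExeShell {
    # Per-user entries (HKCU) take precedence over machine-wide ones (HKLM).
    foreach ($root in 'HKCU:\Software\Classes', 'HKLM:\SOFTWARE\Classes') {
        $progId = Get-DefaultValue "$root\.exe"
        if ($progId -and $progId -ne $ExpectedProgId) {
            [pscustomobject]@{ Check = 'ProgID'; Location = "$root\.exe"; Found = $progId }
        }
        # Inspect the open command of exefile and of any substituted ProgID.
        $ids = @($ExpectedProgId, $progId) | Where-Object { $_ } | Select-Object -Unique
        foreach ($id in $ids) {
            $key = "$root\$id\shell\open\command"
            $cmd = Get-DefaultValue $key
            if ($cmd -and $cmd -ne $ExpectedCommand) {
                [pscustomobject]@{ Check = 'OpenCommand'; Location = $key; Found = $cmd }
            }
        }
    }
}

function Test-Shortcuts([int]$Threshold = 3) {
    # Heuristic (assumption): many shortcuts resolving to one .exe suggests rewritten shortcuts.
    $shell = New-Object -ComObject WScript.Shell
    $dirs  = 'Desktop', 'StartMenu', 'CommonDesktopDirectory', 'CommonStartMenu' |
             ForEach-Object { [Environment]::GetFolderPath($_) }
    Get-ChildItem -LiteralPath $dirs -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object { $shell.CreateShortcut($_.FullName).TargetPath } |
        Where-Object { $_ -like '*.exe' } |
        Group-Object |
        Where-Object { $_.Count -ge $Threshold } |
        ForEach-Object {
            [pscustomobject]@{ Check = 'Shortcuts'; Location = $_.Name; Found = "$($_.Count) shortcuts" }
        }
}

# Empty output means the .exe association is at its default and no target is shared widely.
@(Test-ExeShell) + @(Test-Shortcuts) | Format-Table -AutoSize -Wrap
```

Anything the script returns is a lead to review, not proof of infection; some legitimate software suites ship several shortcuts to the same executable.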

Luckily, Malwarebytes Anti-Malware was able to patch Paul up, but we both wanted to know how this had happened. Bruce advised us to check the installed Java version. It was in fact outdated by several versions. I advised Paul to update to the latest version and he now has a healthy computer!

Categories
Security

Duqu: new zero day malware targets businesses

Since the media has made a lot of hype about this, I thought I’d clear up for my readers what Duqu is and how it affects you.

Duqu, also commonly referred to as the ‘son of Stuxnet’, is a Remote Access Trojan that uses a zero-day vulnerability in Microsoft Word to infect a machine. Once dropped on the system, Duqu’s primary task is to stealthily gather data, including logging keystrokes, making it a prime tool for cyberwarfare. However, Duqu is unique in that it was likely developed over several years and its primary method of distribution is through e-mail.

Specifically, Duqu is more likely to be used against higher-profile targets, such as large companies, from which it can steal data. Microsoft said they “see low customer impact at this time,” which makes sense if Duqu was indeed a targeted attack.

Here are a few tips for those who suspect they are vulnerable:

  1. While Microsoft has not issued a full patch just yet, it is important to know that a workaround exists. Simply click on the Suggested Actions menu.
  2. Scan all e-mail attachments you try to open with both anti-virus and anti-malware software. This should automatically be done if you have licensed versions of both products.
  3. The e-mails can be forged to look like they came from somebody else in the company. If you weren’t expecting an e-mail or the attachment looks fishy, err on the side of caution and ask if the attachment is indeed legitimate.

Note that these types of attacks are common and it is good practice to always follow the steps above.

Safe surfing!

Categories
Security

How many security researchers does it take to rob a bank?

Thought I’d share something that made me laugh today.

Moran Cerf talks about his work as a hacker who breaks into banks digitally. He reports these exploits to the bank and they pay him. Listen to his story as he attempts to break into a bank physically and everything goes wrong.

With this story, Moran won the 2010 Moth GrandSLAM story-telling competition.

I don’t think you’ll see me robbing banks anytime soon.

Categories
Security

Teaching security to the hopeless

One of my Twitter followers suggested that I write about security tips for the technically challenged. Instantly, I thought about my last visit home.

If you’re anything like me, you’ll notice that your friends, your family, and even people you rarely interact with always turn to you with their computer troubles. Sometimes, the questions are easy to answer, like recommending anti-virus software. Other times, you get the friend or family member that is technically savvy enough to follow your advice. Unfortunately, most of the time you get to deal with the hopeless, my parents being a prime example. Luckily my mother doesn’t read this blog. If she did, I’d get an earful on my next visit home.

Below are some easy tips you can recommend to those you may be hearing from a bit too much:

  1. Don’t just click next. When installing a piece of software, read each page of the installation. Many software companies now ask you to install a toolbar and if you don’t opt out you may end up browsing the Internet with this.
  2. Be vigilant while browsing. If you search Google for “car rentals,” make sure you select a search result that looks credible, like Hertz. This sounds obvious, but I can’t tell you how many times I’ve seen someone get infected by clicking the first link or advertisement.
  3. Buy your anti-virus software. Okay, that may be stretching it but make sure your anti-virus is scheduled to update continuously. Most full versions of anti-virus software have automatic updating enabled by default.
  4. You don’t have any friends trying to sell you Viagra, I promise. Don’t open e-mails from senders you don’t recognize. More importantly, don’t open attachments unless you absolutely trust the sender.

With these quick tips, I was able to significantly reduce the number of calls from my parents. Leave a comment to share what’s worked for you!