Cyber Security Primer V
Attacks and Threats - II
Recovering from Viruses, Worms, and Trojan Horses
How do you know your computer is infected?
Unfortunately, there is no particular way to identify that your computer has been infected
with malicious code. Some infections may completely destroy files and shut down
your computer, while others may only subtly affect your computer's normal
operations. Be aware of any unusual or unexpected behaviors. If you are running
anti-virus software, it may alert you that it has found malicious code on your
computer. The anti-virus software may be able to clean the malicious code
automatically, but if it can't, you will need to take additional steps.
What can you do if you are infected?
1. Minimize the damage - If you are
at work and have access to an IT department, contact them immediately. The
sooner they can investigate and clean your computer, the less damage to your
computer and other computers on the network. If you are on your home computer
or a laptop, disconnect your computer from the internet. By removing the
internet connection, you prevent an attacker or virus from being able to access
your computer and perform tasks such as locating personal data, manipulating or
deleting files, or using your computer to attack other computers.
2. Remove the malicious code - If
you have anti-virus software installed on your computer, update the virus
definitions (if possible), and perform a manual scan of your entire system. If
you do not have anti-virus software, you can purchase it at a local computer
store. If the software can't locate and remove the infection, you may need to
reinstall your operating system, usually with a system restore disk that is
often supplied with a new computer. Note that reinstalling or restoring the
operating system typically erases all of your files and any additional software
that you have installed on your computer. After reinstalling the operating
system and any other software, install all of the appropriate patches to fix
known vulnerabilities.
How can you reduce the risk of another infection?
Dealing with the presence of malicious code on your computer can be a frustrating
experience that can cost you time, money, and data. The following
recommendations will build your defense against future infections:
• use and maintain anti-virus software - Anti-virus software recognizes and protects your computer
against most known viruses. However, attackers are continually writing new
viruses, so it is important to keep your anti-virus software current.
• change your passwords - Your original passwords may have been compromised during the
infection, so you should change them. This includes passwords for web sites
that may have been cached in your browser. Make the passwords difficult for
attackers to guess.
• keep software up to date - Install software patches so that attackers can't take advantage of
known problems or vulnerabilities. Many operating systems offer automatic
updates. If this option is available, you should enable it.
• install or enable a firewall - Firewalls may be able to prevent some types of infection by
blocking malicious traffic before it can enter your computer. Some operating systems
actually include a firewall, but you need to make sure it is enabled.
• use anti-spyware tools - Spyware is a common source of viruses, but you can minimize the number
of infections by using a legitimate program that identifies and removes
spyware.
• follow good security practices - Take appropriate precautions when using email and web
browsers so that you reduce the risk that your actions will trigger an
infection. As a precaution, maintain backups of your files on CDs or DVDs so
that you have saved copies if you do get infected again.
Recognizing and Avoiding Spyware
What is spyware?
Despite its name, the term "spyware" doesn't
refer to something used by undercover operatives, but rather by the advertising
industry. In fact, spyware is also known as "adware." It refers to a
category of software that, when installed on your computer, may send you pop-up
ads, redirect your browser to certain web sites, or monitor the web sites that
you visit. Some extreme, invasive versions of spyware may track exactly what
keys you type. Attackers may also use spyware for malicious purposes.
Because of the extra processing, spyware may cause your
computer to become slow or sluggish. There are also privacy implications:
• What information is being gathered?
• Who is receiving it?
• How is it being used?
How do you know if there is spyware on your computer?
The following symptoms may indicate that spyware is
installed on your computer:
• you are subjected to endless pop-up windows
• you are redirected to web sites other than the one you typed
into your browser
• new, unexpected toolbars appear in your web browser
• new, unexpected icons appear in the task tray at the bottom of
your screen
• your browser's home page suddenly changed
• the search engine your browser opens when you click
"search" has been changed
• certain keys fail to work in your browser (e.g., the tab key
doesn't work when you are moving to the next field within a form)
• random Windows error messages begin to appear
• your computer suddenly seems very slow when opening programs or
processing tasks (saving files, etc.)
How can you prevent spyware from installing on your computer?
To avoid unintentionally installing it yourself, follow
these good security practices:
• Don't click on links within pop-up windows - Because pop-up
windows are often a product of spyware, clicking on the window may install
spyware software on your computer. To close the pop-up window, click on the
"X" icon in the title bar instead of a "close" link within
the window.
• Choose "no" when asked unexpected questions - Be wary
of unexpected dialog boxes asking whether you want to run a particular program
or perform another type of task. Always select "no" or
"cancel," or close the dialog box by clicking the "X" icon
in the title bar.
• Be wary of free downloadable software - There are many sites
that offer customized toolbars or other features that appeal to users. Don't
download programs from sites you don't trust, and realize that you may be
exposing your computer to spyware by downloading some of these programs.
• Don't follow email links claiming to offer anti-spyware software - Like email
viruses, such links may serve the opposite purpose and actually install the
spyware they claim to eliminate.
As an additional good security practice, especially if you
are concerned that you might have spyware on your machine and want to minimize
the impact, consider taking the following action:
• Adjust your browser preferences to limit pop-up windows and
cookies - Pop-up windows are often generated by some kind of scripting or
active content. Adjusting the settings within your browser to reduce or prevent
scripting or active content may reduce the number of pop-up windows that
appear. Some browsers offer a specific option to block or limit pop-up windows.
Certain types of cookies are sometimes considered spyware because they reveal
what web pages you have visited. You can adjust your privacy settings to only
allow cookies for the web site you are visiting.
How do you remove spyware?
• Run a full scan on your computer with your anti-virus software -
Some anti-virus software will find and remove spyware, but it may not find the
spyware when it is monitoring your computer in real time. Set your anti-virus
software to prompt you to run a full scan periodically.
• Run a legitimate product specifically designed to remove spyware
- Many vendors offer products that will scan your computer for spyware and
remove any spyware software. Popular products include Lavasoft's Ad-Aware,
Microsoft's Windows Defender, Webroot's SpySweeper, and Spybot Search and
Destroy.
• Make sure that your anti-virus and anti-spyware software are
compatible - Take a phased approach to installing the software to ensure that
you don't unintentionally introduce problems.
Avoiding Social Engineering and Phishing Attacks
What is a social engineering attack?
In a social engineering attack, an attacker uses human
interaction (social skills) to obtain or compromise information about an
organization or its computer systems. An attacker may seem unassuming and
respectable, possibly claiming to be a new employee, repair person, or
researcher and even offering credentials to support that identity. However, by
asking questions, he or she may be able to piece together enough information to
infiltrate an organization's network. If an attacker is not able to gather
enough information from one source, he or she may contact another source within
the same organization and rely on the information from the first source to add
to his or her credibility.
What is a phishing attack?
Phishing is a form of social engineering. Phishing attacks
use email or malicious websites to solicit personal information by posing as a
trustworthy organization. For example, an attacker may send email seemingly
from a reputable credit card company or financial institution that requests
account information, often suggesting that there is a problem. When users
respond with the requested information, attackers can use it to gain access to
the accounts.
Phishing attacks may also appear to come from other types
of organizations, such as charities. Attackers often take advantage of current
events and certain times of the year, such as
• natural disasters (e.g., Hurricane Katrina, Indonesian tsunami)
• epidemics and health scares (e.g., H1N1)
• economic concerns (e.g., IRS scams)
• major political elections
• holidays
How do you avoid being a victim?
• Be suspicious of unsolicited phone calls, visits, or email
messages from individuals asking about employees or other internal information.
If an unknown individual claims to be from a legitimate organization, try to
verify his or her identity directly with the company.
• Do not provide personal information or information about your
organization, including its structure or networks, unless you are certain of a
person's authority to have the information.
• Do not reveal personal or financial information in email, and do
not respond to email solicitations for this information. This includes
following links sent in email.
• Don't send sensitive information over the Internet before
checking a website's security.
• Pay attention to the URL of a website. Malicious websites may
look identical to a legitimate site, but the URL may use a variation in
spelling or a different domain (e.g., .com vs. .net).
• If you are unsure whether an email request is legitimate, try to
verify it by contacting the company directly. Do not use contact information
provided on a website connected to the request; instead, check previous
statements for contact information. Information about known phishing attacks is
also available online from groups such as the Anti-Phishing Working Group
(http://www.antiphishing.org).
• Install and maintain anti-virus software, firewalls, and email
filters to reduce some of this traffic.
• Take advantage of any anti-phishing features offered by your
email client and web browser.
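One way to make the URL check above systematic, as an added example that is not part of the original primer: a small Python checker compares a link's host against a constructed list of domains the user actually does business with and flags the two variations the text names (a different domain suffix and a spelling variation), plus the trusted name appearing as a subdomain of some other host. TRUSTED_DOMAINS, the two-label registrable-domain rule and the edit-distance threshold are assumptions of this example, not part of the primer.

```python
from urllib.parse import urlsplit

# Constructed list of domains the user genuinely uses (placeholder values, not real sites).
TRUSTED_DOMAINS = ("examplebank.com", "example-charity.org")


def levenshtein(a: str, b: str) -> int:
    """Minimum number of single-character edits (insert, delete, substitute) turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Last two labels of the host. Simplification: ignores multi-label suffixes such as co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_url(url: str) -> str:
    """Classify the URL's host against TRUSTED_DOMAINS.

    Returns 'trusted', 'untrusted', or a 'lookalike: ...' reason explaining
    which variation of a trusted name was spotted.
    """
    host = urlsplit(url).hostname  # .hostname drops any user@ prefix and :port, so the real host is examined
    if host is None:
        return "untrusted"
    host = host.lower()
    domain = registrable_domain(host)
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    name, _, tld = domain.rpartition(".")
    for trusted in TRUSTED_DOMAINS:
        t_name, _, t_tld = trusted.rpartition(".")
        # Trusted name used as a subdomain of another registrable domain, e.g. examplebank.com.evil-host.example
        if host.startswith(trusted + ".") or ("." + trusted + ".") in host:
            return f"lookalike: {trusted} appears as a subdomain of {domain}"
        # Same name, different suffix: the .com vs .net case from the text
        if name == t_name and tld != t_tld:
            return f"lookalike: {trusted} with a different domain suffix (.{tld})"
        # Spelling variation: within two edits of a trusted name (threshold is an assumption; short names need a lower one)
        if levenshtein(name, t_name) <= 2:
            return f"lookalike: spelling variation of {trusted}"
    return "untrusted"


if __name__ == "__main__":
    for link in ("https://login.examplebank.com/account", "https://examplebank.net/account",
                 "https://examp1ebank.com/", "https://examplebank.com@evil-host.example/"):
        print(f"{link:45} -> {check_url(link)}")
```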
What do you do if you think you are a victim?
• If you believe you might have revealed sensitive information
about your organization, report it to the appropriate people within the
organization, including network administrators. They can be alert for any
suspicious or unusual activity.
• If you believe your financial accounts may be compromised,
contact your financial institution immediately and close any accounts that may
have been compromised. Watch for any unexplainable charges to your account.
• Immediately change any passwords you might have revealed. If you
used the same password for multiple resources, make sure to change it for each
account, and do not use that password in the future.
• Watch for other signs of identity theft.
Understanding Denial-of-Service Attacks
What is a denial-of-service (DoS) attack?
In a denial-of-service (DoS) attack, an attacker attempts
to prevent legitimate users from accessing information or services. By
targeting your computer and its network connection, or the computers and
network of the sites you are trying to use, an attacker may be able to prevent
you from accessing email, websites, online accounts (banking, etc.), or other
services that rely on the affected computer.
The most common and obvious type of DoS attack occurs when
an attacker "floods" a network with information. When you type a URL
for a particular website into your browser, you are sending a request to that
site's computer server to view the page. The server can only process a certain
number of requests at once, so if an attacker overloads the server with
requests, it can't process your request. This is a "denial of
service" because you can't access that site.
An attacker can use spam email messages to launch a similar
attack on your email account. Whether you have an email account supplied by
your employer or one available through a free service such as Yahoo or Hotmail,
you are assigned a specific quota, which limits the amount of data you can have
in your account at any given time. By sending many, or large, email messages to
the account, an attacker can consume your quota, preventing you from receiving
legitimate messages.
What is a distributed denial-of-service (DDoS) attack?
In a distributed denial-of-service (DDoS) attack, an
attacker may use your computer to attack another computer. By taking advantage
of security vulnerabilities or weaknesses, an attacker could take control of
your computer. He or she could then force your computer to send huge amounts of
data to a website or send spam to particular email addresses. The attack is
"distributed" because the attacker is using multiple computers,
including yours, to launch the denial-of-service attack.
How do you avoid being part of the problem?
Unfortunately, there are no effective ways to prevent being
the victim of a DoS or DDoS attack, but there are steps you can take to reduce
the likelihood that an attacker will use your computer to attack other
computers:
• Install and maintain anti-virus software.
• Install a firewall, and configure it to restrict traffic coming
into and leaving your computer.
• Follow good security practices for distributing your email
address. Applying email filters may help you manage unwanted traffic.
How do you know if an attack is happening?
Not all disruptions to service are the result of a
denial-of-service attack. There may be technical problems with a particular
network, or system administrators may be performing maintenance. However, the
following symptoms could indicate a DoS or DDoS attack:
• unusually slow network performance (opening files or accessing
websites)
• unavailability of a particular website
• inability to access any website
• dramatic increase in the amount of spam you receive in your
account
What do you do if you think you are experiencing an attack?
Even if you do correctly identify a DoS or DDoS attack, it
is unlikely that you will be able to determine the actual target or source of
the attack. Contact the appropriate technical professionals for assistance.
• If you notice that you cannot access your own files or reach any
external websites from your work computer, contact your network administrators.
This may indicate that your computer or your organization's network is being
attacked.
• If you are having a similar experience on your home computer,
consider contacting your internet service provider (ISP). If there is a
problem, the ISP might be able to advise you of an appropriate course of
action.
Identifying Hoaxes and Urban Legends
Why are chain letters a problem?
The most serious problem is from chain letters that mask
viruses or other malicious activity. But even the ones that seem harmless may
have negative repercussions if you forward them:
• they consume bandwidth or space within the recipient's inbox
• you force people you know to waste time sifting through the
messages and possibly taking time to verify the information
• you are spreading hype and, often, unnecessary fear and paranoia
What are some types of chain letters?
There are two main types of chain letters:
• Hoaxes - Hoaxes attempt to trick or defraud users. A hoax
could be malicious, instructing users to delete a file necessary to the
operating system by claiming it is a virus. It could also be a scam that
convinces users to send money or personal information. Phishing attacks could
fall into this category.
• Urban legends - Urban legends are designed to be
redistributed and usually warn users of a threat or claim to be notifying them
of important or urgent information. Other common forms are emails that
promise users monetary rewards for forwarding the message or suggest that they
are signing something that will be submitted to a particular group. Urban
legends usually have no negative effect aside from wasted bandwidth and time.
How can you tell if the email is a hoax or urban legend?
Some messages are more suspicious than others, but be
especially cautious if the message has any of the characteristics listed below.
These characteristics are just guidelines—not every hoax or urban legend has
these attributes, and some legitimate messages may have some of these
characteristics:
• it suggests tragic consequences for not performing some action
• it promises money or gift certificates for performing some
action
• it offers instructions or attachments claiming to protect you
from a virus that is undetected by anti-virus software
• it claims it's not a hoax
• there are multiple spelling or grammatical errors, or the logic
is contradictory
• there is a statement urging you to forward the message
• it has already been forwarded multiple times (evident from the
trail of email headers in the body of the message)
If you want to check the validity of an email, there are
some websites that provide information about hoaxes and urban legends:
• Urban Legends and Folklore
http://urbanlegends.about.com/
• Urban Legends Reference Pages
• TruthOrFiction.com
http://www.truthorfiction.com/
• Symantec Security Response Hoaxes
http://www.symantec.com/avcenter/hoax.html
• McAfee Security Virus Hoaxes
http://vil.mcafee.com/hoax.asp