Many things you think are safe really aren’t

by Bob de Violini
a member of the Channel Islands PC Users Group, California
From the January, 2007 issue of the I/O Port Newsletter

It’s not too often I come across something that’s a really good read, but I just have. It’s an article on the Dark Reading Web site, a site that deals with computer security and is mostly aimed at those who deal with computer security and computer network security for a living. It’s quite lengthy by many standards, but it’s worth it. The article deals with “myth busting,” or spelling out behaviors that many computer end users at work believe are still “safe” (meaning that they don’t think they’ll hurt the computer network at work) or that they won’t get caught at. The point is, someone is still watching; you just will never know when. The title of the article is “The Ten Most Dangerous Things Users Do Online”, and it can be had at this URL. The link will take you to a page with no ads or anything else on it. It just has the text of the whole article, so you don’t have to look at any potentially annoying ads or anything else. You can even print it out and it will probably look pretty good. Some of the terms can be somewhat technical, but that’s what we’re here for: to answer any questions you may have and to help you have a more enjoyable computing experience, be it online or offline while working on a file or document. If you do have any questions, feel free to send me a note at the email address that appears at the beginning of this article. Bear in mind that the article spells out what users are doing mostly at work, or at home with a laptop from their employer, and not from home on their own computers. How many habits that you have right now, or may have had in the past, are on that list?

To quote Monty Python, “And now, for something completely different…” and I do mean different. There’s a Trojan horse type of malware circulating out there that takes the strange step of scanning your system for other malware by installing an antivirus engine. Then, once your system’s been cleaned, it infects your machine with its own code! The Trojan uses an illegal copy of an antivirus application from Kaspersky Labs to do the scrubbing before it infects your system. The illegal scanner checks your system and deletes anything found after you reboot your system. That’s when you get infected with this new Trojan, which goes by the name of SpamThru Trojan. Although there have been other pieces of malware that have blocked the execution of certain competing pieces of malware, this new procedure changes the whole picture. While I’d normally think well of a free scan of my system to remove malware or viruses, this is the kind of favor that nobody needs. By now, most of the anti-malware scanners have had their signatures updated to catch this little bug, so go out and update your anti-malware product’s definitions, or signatures, if you haven’t done so in the last week. This Trojan also uses more sophisticated ways of keeping itself updated and running than others have, but the techniques are beyond the scope of this column.

Now, from the “What’s New is Old” department, we have reports of Internet Explorer 7, which was just released on the 19th of October, having a new vulnerability that’s actually a holdover from the early days of IE6. There has been banter back and forth within the computer security community about whether or not it’s new and whether or not Microsoft will even fix it. Apparently, Microsoft’s been saying that the flaw isn’t with the browser, but with its companion piece of software, Outlook Express. The vulnerability remains unpatched to this day. There’s also another bug with IE7 that was also present in IE6 when it was first released in June 2004. At that time, Microsoft said to disable the “Navigate sub frames across different domains” setting in the browser, which would avoid the vulnerability. However, IE7 comes with that setting disabled and it is still vulnerable to the bug. At this writing, IE7 is available on the Windows Update site as a High Priority download, and will also be available via the Automatic Updates feature in Windows XP and Windows 2000. Because of the uproar over this vulnerability, I’d suggest avoiding the new browser for a while until Microsoft patches the vulnerability or releases a workaround that actually works. You can set the Automatic Updates feature to just notify you of the updates that are available but not download them, or you can set it to tell you about the downloads and download them for you but not install them. Either of these options will work for avoiding the installation of IE7 for now.

Now for some news from the SANS Institute about some scams and other bugs that have been making the rounds, especially one that infected iPods in Japan. If they were infected in Japan, there’s no telling when it will happen on this side of the Pacific. Apple has taken steps to eradicate the bug, but it’s still worth noting. OK, here we go:

QQpass spyware (Trojan variant)

As many as 100,000 Flash MP3 players, given away as prizes by McDonald’s in Japan, were found to be infected with a variant of the QQpass spyware Trojan horse program. The players were preloaded with ten songs and the malware. McDonald’s Japan has apologized, established a helpline to facilitate the recall of the infected MP3 players, and posted directions for cleaning infected PCs. More information can be had at this link.

Here is a scam that can potentially snag a lot of folks out of the “fear factor” it implements:

FBI Imprimatur Added to Phishing Scams

Fraudulent phishing e-mails claiming to be from Richard Mueller III, FBI Director, and Donna M. Uzzell, FBI Compact Council Chairman, offer recipients big bucks and threaten big penalties if you don’t cooperate.

More information

This next bit was just too good not to pass along in The Outer Edge (CIPCUG award-winning newsletter). It explains a term that’s being used more and more these days with regard to computer security and the vulnerabilities that are being discovered:

Security Question of the Month: What is a Zero-Day Exploit?

A zero-day exploit (attack) is one that takes advantage of a security vulnerability before or on the day that the existence of the vulnerability becomes widely known. Three or four years ago, hackers needed 7–14 days to figure out how to use a newly discovered vulnerability in order to launch an exploit. That lead time allowed hardware manufacturers and software developers to notify their customers, recommend ways to cope with it, and distribute software patches and antivirus updates.

But there are more hackers, and they're getting better at what they do. So, how do you defend your computer when you have 0 days to prepare? You can. But if you keep your computer security software up-to-date, you’ll help decrease your overall risk and increase the chances that a patch or update will reach your computer ahead of an exploit.

The above pieces were taken from the November issue of OUCH!, a computer end-user newsletter put out by the SANS Institute via email. More information and previous editions, as well as this month’s, can be had at this link.

Well, that’s all for this month. Stay safe out on the Web, and remember to keep your antivirus and anti-malware programs fully updated at all times to help prevent future infections from affecting you.

There is no restriction against any non-profit group using this article as long as it is kept in context with proper credit given the author. The Editorial Committee of the Association of Personal Computer User Groups (APCUG), an international organization of which this group is a member, brings this article to you.

Tulsa Computer Society 01/01/2007
Don Singleton, President