Ziggy Zapata

COMPUTER SECURITY

The author asserts his right to publish this information in the public interest
No responsibility is taken for consequences resulting from using any information contained herein

HOW TO STOP YOUR COMPUTER BEING INVADED

VIRUSES, WORMS AND TROJAN HORSES

The amazing growth of the Internet has spawned a proliferation of vandals who write and spread viruses and Trojan horse programs that can wreak havoc on personal computers. Many of these programs are not created just to cause trouble, but have far more sinister purposes, such as hijacking computers to be used in bot networks for denial of service attacks to extort money, or to surreptitiously turn computers into spam machines without the consent of their owners.

Many of these programs are spread by the running of unverified software downloaded from websites, but most come in email attachments and are activated when the attachments are opened. They can be in the form of EXE, COM and Visual Basic files, Microsoft macros and a variety of other formats. Facilities such as ActiveX can compromise computers when exploited by websites set up especially to take advantage of the gaping security holes that such add-ons create.

The following news report demonstrates very clearly why it is vital that everybody who operates on-line takes extraordinary precautions to prevent viruses and malware from infecting their computers.

SWEDISH BANK FRAUD

Internet fraudsters have stolen around 8m kronor (US$1.1m) from account holders at Swedish bank Nordea. The theft, described by Swedish media as the world's biggest online fraud, took place over three months. The criminals siphoned money from customers' accounts after obtaining login details using a malicious program that claimed to be anti-spam software. Nordea said it had now refunded the lost money to all 250 customers affected by the scam.

The attack used a program called a trojan, known as haxdoor.ki, to obtain customers' details. Trojans are programs that look benign but contain malicious software. Victims were duped into downloading the program after receiving an email, purporting to come from the bank, encouraging them to download anti-spam software. Once installed the trojan monitored the PCs' online activities.

When a user navigated to the Nordea bank login page, the trojan would kick into action, saving the customer's login details. It then displayed an error message asking them to resend the information. With two access codes the criminals could transfer money from the customers' accounts. Trade newspaper Computer Sweden said the police had traced the fraudulent emails first to computer servers in the US and then to Russia.

EMAILS

Reading emails themselves will not activate viruses, so the best policy to avoid problems is to be most suspicious of all email attachments and to never open any from sources that cannot be trusted implicitly. Installing a good antivirus program with regular virus signature updates is the first line of defence, but ultimately the best safeguard is to not open any attachments and thus risk virus or Trojan horse contamination. There is an excellent virus checker at Housecall that will scan a computer on-line using the latest virus signatures and the best part is that this service is totally free. AVG has a free installable antivirus program with free updates that is excellent.

SECURITY HOLES

Software such as Microsoft Windows, Outlook Express and Internet Explorer has a long history of security holes that allow hackers to penetrate computers connected to the Internet and even remotely install malicious programs. To see how insecure the average computer can be, visit the Gibson Research Corporation website at www.grc.com and run the Shields Up utility. Most users will be shocked to find how many ways hackers can penetrate their computers with the greatest of ease. However there are many tools and tips on this site that will enable users to secure their computers, starting with such simple measures as restricting print and file sharing unless necessary.

BEWARE OF FREE SOFTWARE

Many websites, especially pornography and hacker sites, offer supposedly free software or content that can be obtained by downloading a small executable piece of software. This is a most dangerous practice, because in many cases this software will install back doors on computers that allow hackers to penetrate them without the owner being aware of it. Many websurfers have been shocked to find that their personal details and content on their computers have been accessed by hackers who have then used this information literally to steal their identities and then fraudulently make unauthorised transactions.

INSTANT MESSENGER AND VoIP THREATS

Since Instant Messenger and Voice over Internet Protocol (VoIP) technology have become very popular with programs such as Microsoft Messenger and Skype, scammers have found another avenue they can use to exploit Internet users. One common technique is for a hacker to contact an unsuspecting user and send them a seemingly innocuous file, asking them to download it. This file will contain a virus or Trojan horse program that will compromise the user's computer and expose it to being taken over by the hacker as a spambot or having a keylogger surreptitiously installed so that the hacker can discover the user's secret banking details and passwords.

Files containing viruses are not dangerous until they are run, so if such files are downloaded, they should be scanned by an antivirus program with the latest virus signatures to determine if they are safe or not. If a virus is detected, then the sender should be immediately blocked from being able to make further contact. In any event, it is far better to refuse all offers of files from strangers in the first place.

VoIP TELEPHONES SHOULD BE SECURED

The increasing popularity of VoIP telephones for business and home use has spawned new opportunities for hackers to exploit vulnerabilities by compromising computers or making expensive calls.

HACKERS ATTACK VoIP SYSTEM - 20 January 2009

A small Perth business reported its VoIP PBX telephone system was hacked by an unauthorised user who used it to make more than 11,000 international phone calls in a 46-hour period in January 2009. The business was alerted to the crime when it received an invoice from its service providers that was in excess of $120,000 as a result of this security breach.

The business owners had a total bill of $150,000 racked up by the hackers between June and December 2008. Up to 115,000 international mobile calls were made using the small business's VoIP system over those six months. Thieves can exploit the call-forward function and run up huge international phone bills, police stated.

Police also said that it was possible that the fraud was committed by a shady service provider offering affordable international calls to consumers and then rerouting them. It may also have been fraudsters using the system to run a fake call centre.

Police advised that businesses should invest in security software to protect themselves from this type of fraud. Most businesses are prepared to install firewalls on their computers but fail to extend that level of security to their phone systems.

Anybody who is using a VoIP service must understand that it is no different from having a computer online, and a VoIP system has the same vulnerability to hacking. Before putting a VoIP PABX or individual phone service online, users should ensure that every conceivable security measure is in place, such as strong password protection, firewalls and whatever else is recommended by the service providers.

USERNAME AND PASSWORD SCAMS

There are malicious websites that use social engineering to trick people into divulging their usernames and passwords for on-line facilities, such as Instant Messenger accounts. For instance, an email may arrive that has a link to a website that allegedly lets users find out who has blocked them in Windows Messenger. That website requests the user's username and password and if the user is crazy enough to hand out this confidential information to total strangers, then those total strangers can log into their Windows Messenger account and do whatever they want with it. Other emails may arrive, stating that the user's account will be blocked unless the user goes to a particular website and resets his password, of course by divulging his current password, which the scammers then have.

Usernames and passwords for any website should NEVER EVER be divulged to anybody, either on-line or off-line. The only time they should be used is to access the actual websites or facilities to gain access for the legitimate users. Furthermore, divulging usernames and passwords for most websites violates their Terms of Service and accounts can be cancelled without notice. So never be tricked by clever social engineering into handing out any usernames and passwords and always safeguard them from others.

Always remember that the companies or facilities with whom you do business over the Internet ALREADY HAVE YOUR USERNAME AND PASSWORD - therefore they never need to ask you this information. If by some chance their servers have crashed and your account is lost, then you will soon find this out when you try and access the service. If this happens, you can re-establish the account with a username and password, making sure that you are actually on the right website, not on a bogus phishing website that you landed on after clicking a link in an email. When doing Internet transactions with banks, finance companies or any on-line stores, NEVER EVER go to their websites using links in emails. Always enter the URLs manually into the address bar of your browser.

BLUETOOTH

Many laptops these days are equipped with Bluetooth wireless communications for hands-free operation with Bluetooth headsets, mice or to make LAN connections. To enable such a laptop to initiate a link and operate with such devices, there is a "Discovery" mode in the Bluetooth setup menu. This creates a massive security hole if the "Discovery" mode remains active, because anybody with a Bluetooth-equipped laptop in the vicinity can often connect to it surreptitiously, access a number of functions remotely and even copy that laptop's data files.

There is a very simple cure for this problem. After enabling the required Bluetooth devices, switch off the "Discovery" mode. That will prevent this particular security breach from occurring.

FIREWALLS

One of the best security measures for any computer connected to the Internet is to install a firewall. There are many different firewalls, either using hardware devices or software based types. Probably the very best software firewall is ZoneAlarm, which has so far been found to be impregnable to literally everything thrown at it. Apart from the peace of mind that using such a good product can bring, the most amazing aspect is the cost. ZoneAlarm is totally free for personal use and is easily downloaded from the ZoneAlarm website at www.zonelabs.com. The importance of running a firewall cannot be overstated.

ROUTERS

Avoid connecting to the Internet directly through a modem; use a good router instead. Most modern routers have built-in DHCP servers that assign private IP addresses to each computer on the network, so that the individual computers are not directly visible from the Internet. Many modern routers also have built-in hardware firewalls with stateful packet inspection that will monitor every piece of data in and out of the system. As an added security measure against port scanning, stateful inspection firewalls keep ports closed until a computer on the network itself initiates a connection on that port.

However, there is a significant threat to router security that can allow criminals to remotely take control of routers, alter their DNS addresses and redirect victims to fake banking and finance websites to entice them to enter their usernames and passwords. As soon as this happens, the criminals immediately go and clean out the real bank accounts of the victims. This can happen simply because routers are administered through a web interface at a well-known IP address allocated from a block of addresses reserved for this purpose. In most cases, the default username and password is "admin" and most domestic users never bother to change it. This leaves their routers wide open for criminals to exploit.

Secure your router by changing the default username and password, disabling ICMP broadcasting, disabling SSID broadcasting if it is a wireless router, and using wireless encryption or allowing only known MAC addresses to connect to the Wi-Fi.

MALWARE

Although usually not as damaging as viruses and worms, adware and spyware are a class of intrusive software planted without announcement on the computers of unsuspecting users, and they perform a number of invasive functions. Malware is usually installed surreptitiously while seemingly benign and usually free software such as screen savers, toolbars and other utilities is installed.

HOME PAGE HIJACK

Malware may hijack the browser's home page to make it always go to the advertiser's website and no matter how many times a user tries to revert to his usual home page, the malware will constantly forcibly change it back to the advertiser's site. It may force advertising pop-ups to appear frequently, becoming an absolute nuisance that can quickly render enjoyable websurfing into a very unpleasant nightmare.

For instance, CoolWebSearch is one of the most complex, sophisticated, and devious browser hijackers ever invented. The latest versions have grown increasingly aggressive and complicated and manual removal is virtually impossible. Complete re-installation of the entire operating system is often required, thus use of a reputable spyware remover with the latest updates is highly recommended.

RANSOMWARE

There is a particularly nasty way that criminals try and extract money from victims. One of the techniques used by ransomware criminals is to trick the victim into installing a Trojan that immediately encrypts all their important Microsoft Office documents so that they cannot be accessed. Unlike software that can be reinstalled, those files are created by users and if there are no external backups of them, then the users have to pay the fee to the extortionists for the unlocking code or lose the files and years of hard work.

However, with the increasing number of users learning to make external backups of critical files, this sort of disgusting ransomware has become less prevalent. Most ransomware does not generally disable the entire computer. However, some scammers have discovered a way to extort money by crippling an entire computer with a Trojan to make it completely unusable until a fee is paid.

One good example of this is the insidious MS Removal Tool scam. A user will go to a website that seems innocuous. All of a sudden, a window with the title MS Removal Tool pops up.

[Image: MS Removal Tool scam - the MS Removal Tool window that pops up to fool users into thinking they have viruses]

The window looks just like a typical antivirus program box and appears to scan the computer and find many viruses. If the user just closes the window, he is safe, because this scam relies on tricking the user into clicking something on the page, like the Remove button.

But the second that the user clicks a button on that bogus virus remover, the Trojan is downloaded and installed on the computer and immediately disables all security software such as real antivirus and malware removal programs, firewalls and anything that could prevent this malicious Trojan from running. It also blocks Task Manager and other facilities that could stop it running and it changes the desktop wallpaper.

If the user clicks on any icon, a warning box pops up and states, "WARNING! Application cannot be executed. The file taskmgr.exe is infected. Please activate your antivirus software". What is more, the computer constantly displays fake security warnings saying that the computer is infected with viruses, Trojan horses, spyware and other malicious software. The rogueware may even modify the important Windows Hosts file.
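The Hosts file modification mentioned above is something a user can check for. The following Python script is an added example, not part of the original page: it audits Hosts file text for entries beyond the default loopback names, which is where rogueware plants redirects. The sample file content, and the domain names and addresses in it, are constructed for illustration.

```python
# Added example (not from the original page): audit a Windows Hosts file for
# entries that rogueware commonly plants, such as mapping a security vendor's
# update site to loopback or a real site to an attacker-controlled address.
import ipaddress
import re

# Constructed sample Hosts file content for illustration only.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.example-antivirus.test   # constructed: blocks AV updates
203.0.113.9     www.example-bank.test           # constructed: fake bank redirect
"""

# The Windows default Hosts file maps only these names to loopback;
# anything else is worth a second look.
DEFAULT_LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

def parse_hosts(text):
    """Return a list of (ip, hostname, line_no) tuples, ignoring comments."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = re.split(r"\s+", line)
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                           # malformed line, not an address
        for name in parts[1:]:
            entries.append((str(ip), name.lower(), line_no))
    return entries

def suspicious_entries(text):
    """Flag every entry that is not a default loopback mapping.

    A hijacked Hosts file typically (a) points a real site at an address the
    attacker controls, so the victim lands on a fake page, or (b) points
    security-vendor sites at loopback so updates silently fail.
    """
    flagged = []
    for ip, name, line_no in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback and name in DEFAULT_LOOPBACK_NAMES:
            continue
        if addr.is_loopback:
            reason = "non-default name mapped to loopback"
        else:
            reason = "name redirected to non-loopback address"
        flagged.append({"line": line_no, "ip": ip, "name": name, "reason": reason})
    return flagged

def audit_file(path=r"C:\Windows\System32\drivers\etc\hosts"):
    """Read a real Hosts file (default: the Windows location) and audit it."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return suspicious_entries(fh.read())

if __name__ == "__main__":
    for f in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['name']} -> {f['ip']} ({f['reason']})")
```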

Nothing that the user does will help - nothing will work on the computer, no program will operate, no file will open - except the one that offers to fix the computer for a fee by the operators of the phoney MS Removal Tool. In other words, your computer has been completely hijacked by this malware and you have to pay a ransom in the form of a repair solution from the operators of this scam.

Apart from the fact that this is blatant extortion, the operators running this scam not only want the user's money, but the all-important credit card details, including the secret security code that is on the back of the card. The victim will not only lose the fee for releasing his hijacked computer, but will also be subject to having his credit card used by the criminals for purchases, and may become the victim of identity theft.

Avoiding infections such as the MS Removal Tool scam is easy. The trick is to never click on any page that pops up and claims that the computer is infected or there is a problem with it. There are many websites with instructions on how to eradicate the MS Removal Tool from a computer and all users should print out these instructions and keep them handy in case their computers are rendered useless by this nasty scam, so that they can eradicate it. One of the best and most highly recommended tools for finding and removing such computer infections is the excellent and free Malwarebytes. Every computer should have it installed and use it frequently.

SPYWARE AND KEYLOGGERS

Some malware is more discreet, transmitting the websurfing habits back to the operators so that they can survey the effectiveness of advertising. Even worse, it may even send personal or other details it gleans from a user, such as email addresses or a log of keystrokes so that the operators can target spam at the user or even raid the user's bank account.

There are effective remedies against malware. The main line of defence is to remember that very little is really free and that supposedly useful or amusing piece of software on the Internet may come with very high hidden costs.

To prevent malware infesting a computer, these measures should be taken:

COOKIES

Cookies are small text files that websites load onto computers to track activity or to facilitate navigating certain areas. For instance, most banks and internet finance institutions require their cookies to be on a user's computer to track transactions.

However, many websites plant cookies that are actually data miners that facilitate the transmission of the web surfing habits of users for targeted marketing and advertising purposes. Some cookies can actually even transmit personal data of users so that spam advertising can be sent to them.

The best way to deal with cookies is to disable their acceptance and only allow cookies to be loaded from known legitimate websites, such as banks, transaction sites such as eBay, PayPal and update sites for legitimate software. If a cookie needs to be accepted, permission can be issued on an individual basis, thus negating the open-ended acceptance of cookies from every site that wishes to plant one on a computer, enhancing security to a high degree.

CREDIT CARDS

Many Internet users have been severely shocked to receive their monthly telephone bills with thousands of dollars in overseas calls appearing on them, calls that they were convinced they did not make. Some users have actually been bankrupted by their inability to pay these debts, but wondered how this could have happened to them. The explanation is very simple.

There are a number of ways operators earn revenue from the Internet. Most reputable and well established companies selling goods and services ask for credit card details and it is generally quite safe to provide this information. Some Internet based businesses, predominantly pornography websites, charge for access and demand credit card details for payment of membership fees. Some of them operate legitimately, but others use very devious methods to part unsuspecting or gullible users from their money.

UNAUTHORISED DEBITS

One common method pornography sites employ is to offer low resolution free pictures and video clips to entice users to other areas of their websites, often called protected archives, where they can then be charged for obtaining better quality content. To obtain passwords or further access, users are asked to provide credit card and personal identification details supposedly only to verify age, often with exhortations and guarantees that no charges will ever be made to those cards. In most cases the exact opposite occurs, as users suddenly find amounts debited to their credit cards every week or month, with virtually no means of obtaining refunds.

The forms users are asked to fill in are often thinly disguised authorisations allowing charges to be made to their credit cards and cancelling such authorisations is usually very difficult, if not impossible. Often the only way to stop such continued billing is to actually cancel the credit cards, with the resultant inconvenience that this entails. However these pitfalls are easy to avoid, because as long as users refrain from providing credit card and personal information voluntarily, they cannot be legally billed. Of course if credit card numbers are somehow obtained illegally and the credit cards are used without authorisation, action can be taken to obtain refunds from the credit card providers.

DIALLERS

Most people that access the Internet do so using broadband, so dial-up Internet access is quickly becoming a thing of the past. Nevertheless, many computers still have faxmodems installed and these devices can be used to fleece unsuspecting users of money.

Due to many users now being reluctant to provide credit card information on the Internet, many porn and hacker websites have instituted a far more devious method of extracting money from unsuspecting dial-up users, the main one being the surreptitious deployment of Internet diallers. Their operation is very insidious. Users are invited to download a small piece of software to enable them to view and copy supposedly free pictures, video clips or pirated computer programs. As soon as this software is executed, it literally hijacks a user's dial-up modem and without indicating that anything out of the ordinary is occurring, it dials other numbers, often to third world countries such as Botswana or Nigeria, with huge per-minute overseas call rates. Even worse, these numbers are generally the premium call type that charge exorbitant fees, often around $12 to $15 per minute.

From that point, the call costs quickly accumulate as long as users stay on-line, as they still believe that they are merely connected to their local ISPs. The porn websites receive a portion of these high charges as their revenue and the users receive massive telephone bills. However as the diallers were voluntarily downloaded and run and the calls were initiated from the actual telephones of these hapless victims, they bear full responsibility for paying the bills and there is generally no recourse to obtaining refunds from the websites that employ these diallers.

Anybody who accesses the Internet should be running a good firewall as a matter of course and good practice. Apart from browsers and email client software, very few programs need to access the Internet. If a surreptitious dialler tries to access the Internet, a firewall will indicate this and the dialler can be blocked immediately.

A good measure against diallers is to block access to international phone numbers with a password or PIN. All telecommunications providers offer this service. Then if a dialler attempts to access overseas numbers, it will be stopped dead in its tracks, while legitimate overseas calls can still be made by the subscriber just by using the password. However, this is not always a complete remedy, as some diallers are programmed to ring a local number and divert a user's international access to another telecommunications provider and thus get access to an international line. For instance, a Telstra subscriber can be caught by a dialler program that accesses another service provider such as Optus or APPT, thus negating the international calling block that was put on the Telstra service.

Another good security measure is to block calls to premium services that can charge massive amounts of money per minute, such as the 1902 prefix numbers. Most of the premium services are a total waste of time and money, such as bogus clairvoyants and astrology services. The safest and simplest way to increase telephone line security is to use ADSL or cable broadband and eliminate all dial-up services entirely. If a dial-up modem is installed and not actually required for faxing, it should be removed or disabled.

These simple precautions should be taken to protect against such scams: