Easy Online Tips

Tuesday, February 28, 2006

Threat Protection - The Human Component

When it comes to protecting users from viruses, spam, and other malware, there's only so much technology can do. The real problem, it seems, is people.

"You can only put so much faith in technology," according to Jamz Yaneza, senior threat analyst at antivirus and content security firm Trend Micro Inc.
"For whatever reason, the knowledge worker doesn't necessarily understand the vastly different perils possible being online, versus pen and paper. Applying the same real-world trust level on the Internet has ultimately been the reason so many users still routinely click on attachments apparently coming from their office friends and kin."

While large global threat outbreaks have declined over the past five years, malicious software attacks continue to pose a significant threat. The results include lost time, lost resources, and lost opportunities. To make things worse, malware is growing more sophisticated, with attacks presenting even greater dangers than in the past.

In a white paper report published in May 2005, research firm IDC stated that "The motives and intentions of virus writers have changed drastically over the past few years. In the past, amateurs seeking notoriety typically created worms and viruses to destroy data. Today, more sophisticated attackers, often professionals and organized crime, are increasingly using worms, spam, spyware, and viruses to obtain credit card numbers, bank account information, and other confidential information to perpetrate identity theft or competitive disruption. The sophistication and scale of online frauds and identity thefts are increasing at a rapid pace."

What's needed to protect corporate and individual systems from the threat of malware? According to Yaneza, the answer includes vigilance, education, and innovation. "External and internal threat issues require organizations and individuals to stay on top of security issues," he explained, "such as having security policies in place, having policies for screening e-mails, etc. There's no answer from a simply technological point of view."

While anti-virus updates, patches, the rise of managed services, and a mix of security protocols and policies present everyone with immense challenges, there is, indeed, a light at the end of the tunnel. It's called shared responsibility.

"Vendors need to go directly to end-users to educate them about safe surfing," said Yaneza. "Threat protection is a never-ending struggle. Everyone has to have some involvement in securing the business."

Friday, February 24, 2006

How to Protect your computer folders

Windows XP has built-in privacy features that allow you to keep specific files hidden from other users who may have accounts on the same machine.

Your files must be located somewhere under your account name in the 'Documents and Settings' folder.

Use My Computer to navigate to the appropriate folder.

Right-click on the folder and choose the 'Properties' option.

Click the 'Sharing' tab within 'Properties'.

Check the 'Make This Folder Private' tick box.

Now if your snooping colleague tries to open the private folder, the system will display an 'Access Denied' message and your stuff is safe.

Panda DesktopSecure for Linux

Planning to cash in on the Linux Desktop bubble, Panda Software released the beta version of Panda DesktopSecure for Linux, aimed at Linux workstation environments. The product is a firewall, antivirus and intrusion detection system (IDS) bundle.

- Panda already offers the Panda Antivirus for Linux, a freeware product. Granted, the latest version is from August 2004, but there are alternatives. ClamAV is a nice enough completely free product, and if you want to spend, there are tons of vendors willing to take your money and protect you from both Linux viruses reported (but not really seen) in the wild.

- If iptables scares you, there are always graphical front-ends one can use. There are wizard-type programs that would configure your firewall for you. If iptables is not enough, I don't expect you'll find it in Panda's offering. Again, many vendors offer dedicated, time-tested and very well supported firewall solutions. “Panda” just doesn't sound interesting enough in IT security circles, yet.

- Intrusion Detection Systems can be some of the most complex pieces of software on a network. Most, of course, are very basic - just pattern matching, but others called for enormous development, testing and tuning times.

Monday, February 20, 2006

Pharming for Dollars - Lucrative for Some, Costly to Most

Remember the old farmer's joke:
Q. How do you make a million dollars farming?
A. Start with three million dollars.

While too true to be very funny for a traditional farmer, those numbers may be just the opposite when talking about pharming. This online fraud technique poses a growing threat, and a little investment by its perpetrators can prove very costly to its victims.

Many are familiar with phishing, which is the act of sending an e-mail that falsely claims to be from a legitimate business, in an attempt to trick the recipient into giving away account information, such as passwords. When this is accomplished by hacking, it's called pharming. Pharming is relatively new, but the end result is one of the oldest: financial fraud.

Jamz Yaneza, Trend Micro Incorporated Senior Threat Analyst, said that pharming is probably the most difficult fraud to perpetrate. It entails redirecting traffic at the DNS (Domain Name Server; the Internet version of a building directory) level and capturing this data stream for profit. Pharming poses a threat to online business by eroding trust between entities, thus preventing transactions from happening.

"As people move towards paper-less offices, these online threats can become bottlenecks to progress. Imagine what would happen if people couldn't do online trading, go to online auctions, and basically avoid sending e-cards?" asked Yaneza.

While most anti-phishing solutions are end-point oriented, protecting against pharming involves maintaining data traffic flow while preventing its redirection.

"In traffic redirection there are two ways in which this could be implemented that we see today: modification of the Windows HOSTS file and DNS spoofing or poisoning," said Yaneza.

"The first one, HOSTS modification, is part and parcel of most worms that are out in the wild. It can usually be remedied via anti-virus utilities and services."

DNS modification is usually done on a targeted level, say at a particular ISP or enterprise, where a compromised server with administrative rights is online, thus requiring a vigilant administrator to monitor networks against intrusion.
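
The HOSTS-file check described above can be automated. The following Python is an added example, not part of the original post or of any vendor's tooling: it parses HOSTS-file text and reports entries that override a watched hostname. The watched names, addresses and sample file are constructed placeholders, and flagging names pointed at loopback goes slightly beyond the redirect case in the text.

```python
import ipaddress

# Hostnames to watch. Constructed placeholders: substitute the banking,
# webmail and antivirus-update names that matter in your environment.
WATCHED = {"bank.example", "www.bank.example", "update.av-vendor.example"}

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in a HOSTS file."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or malformed
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        for name in fields[1:]:                 # one line may carry several aliases
            yield line_no, address, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED):
    """Return findings for watched names that the HOSTS file overrides."""
    findings = []
    for line_no, address, name in parse_hosts(text):
        if name not in watched:
            continue
        # Loopback/unspecified targets cut the name off; any other address
        # sends the user to a server chosen by whoever wrote the entry.
        cut_off = address.is_loopback or address.is_unspecified
        kind = "blackhole" if cut_off else "redirect"
        findings.append({"line": line_no, "host": name,
                         "address": str(address), "kind": kind})
    return findings

# Constructed sample input, not taken from a real infection.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.45    www.bank.example bank.example   # appended entry
127.0.0.1       update.av-vendor.example
10.0.0.12       intranet.corp.example
198.51.100.7    WWW.Bank.Example.
not-an-ip       www.bank.example
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['host']} -> {f['address']} ({f['kind']})")
```

On Windows the file to feed in is %SystemRoot%\System32\drivers\etc\hosts; a clean one rarely contains entries for public banking or update hostnames, so any finding deserves a look.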

Thursday, February 16, 2006

FreeNX on Mandriva

The Linux information site Linux-Tip.net has printed an article on using FreeNX to graphically access a Mandriva Linux server remotely from a Windows client. The guide walks you through installing the FreeNX server on the Mandriva machine, installing the FreeNX client on the Windows machine, then connecting the two together. If you're interested in learning about this new remote access technology, take a look at the article today.

Mandriva to support IBM's initiative to offer free dataserver

Mandriva announced at the end of January that we will support IBM's exciting offer to provide an open source edition of its industry-leading database server, DB2. The 32-bit edition of Mandriva Linux 2006 has already achieved "ready for DB2" status, and the 64-bit edition will soon be certified at the same level. In the future, Mandriva's enterprise products will include the open source edition of DB2, DB2 Express-C. You can read more about Mandriva's support for DB2 in the press release.
http://wwwnew.mandriva.com/en/company/press/pr/mandriva_to_support_ibm_initiative_to_offer_free_dataserver

Monday, February 13, 2006

Boom, Boom - TROJ_BOMKA.L

TROJ_BOMKA.L may arrive on a system as an attachment to spammed emails, disguised as a non-malicious dart game to entice users into playing it. This non-destructive Trojan is currently spreading in-the-wild and infecting computer systems that run on Windows 98, ME, NT, 2000, XP, and Server 2003.

A rough English translation of the email is:

Subject: you take one pause...
Message Body:
I send a game flash!

then you send your score to me max... therefore I say how much I have made I to you... I am training myself:)

{Name of sender}
Possible Attachment: gioco_freccette.zip

Upon execution, this Trojan drops and executes a copy of the legitimate game on the system. This action hides its malicious behavior from the user.

It also drops its .DLL component, which it registers as a Browser Helper Object (BHO) to ensure that it runs every time the user opens Internet Explorer.

This Trojan also attempts to connect to several Web sites to download other files or an update of itself. These downloaded files may be other malware, leaving the affected computer more prone to malicious attacks.

Thursday, February 09, 2006

Google launched Gmail Chat

The Silicon Valley-based internet search giant introduced Gmail Chat, which allows users to quickly start instant message (IM) conversations with people they are emailing, said product manager Keith Coleman of Google.

"We wanted to make it easy to switch back and forth between IM and email, and let you keep a record," Coleman said. "If you compose an email, with a single click, you can start chatting with them."

"The history of the conversation will be right in your inbox. Gmail Chat treats IM and email the same way, all saveable and searchable," he added.

Gmail Chat is designed to "leave a nice trail, like email" but has an "off the record" feature that leaves no trace of selected exchanges, Coleman said.

Google launched its new Gmail service for the English language interface early on Tuesday, according to Coleman. Gmail Chat service in other languages will be phased in during the next four to eight weeks, Coleman said.

Google's aim is to give internet users another reason to use its site and, hopefully, click on advertising links there, according to industry analyst Martin Reynolds of Gartner Consulting. Google revenues come from advertisers who pay the search engine "per click".

Google's infrastructure enables it to rapidly launch services such as chat or maps, while it has proven skilful at targeting users with advertising that isn't blatantly intrusive, according to Reynolds.

"The one thing they have to be careful of is not driving clicks to advertising sites just to build revenues," Reynolds said, alluding to industry concerns regarding 'click fraud'. "They have to be legitimate clicks."

Google has advocated for an "open federation" that would allow people using email or chat to connect with each other no matter which internet messaging service they use, according to Coleman.

Monday, February 06, 2006


A new malicious worm began infecting systems last week, which promises to launch an attack on February 3rd - and the 3rd of every month thereafter, according to threat researchers at antivirus and content security firm Trend Micro. The new worm, known by such names as Nyxem, BlackMal, Mywife, and CME-24, has infected hundreds of thousands of machines over the past week, most from unsuspecting users who do not yet know they are infected.

Like most worms, WORM_GREW.A propagates via email attachments and network shares, including popular P2P file sharing services. The email method of transmission employs common social engineering techniques - including the promise of pictures, pornographic content, or a joke - to entice users to open the corresponding attachment.

According to Jamz Yaneza, Senior Threat Analyst at Trend Micro, though this worm utilizes common propagation techniques, the code itself is anything but common. "This is a destructive virus that deletes and overwrites any number of files present on a user's system, by targeting the most popular file formats - including .DOC, .XLS, .PPT, .PDF, and .ZIP, to name just a few," says Yaneza. "In addition to losing a great deal of data, this virus also renders the keyboard and mouse inoperable, thereby leaving the user's system dead in the water." Yaneza adds that this is a truly global threat, affecting computer systems in over 150 countries, to date.

Friday, February 03, 2006

Beware the 'sex virus'

A new fast spreading email worm is designed to obliterate all Word, Excel, Access and PowerPoint documents as well as Acrobat and Photoshop files on an infected computer.

And it's set to become active on Friday February 3, repeating the process on the third day of every subsequent month.

Dubbed the Kama Sutra worm — but also known as Nyxem.E, Blackworm, MyWife, and Grew.A — it appears in email inboxes with subject lines like "hot movie", "A Great Video" or "Crazy illegal Sex!", although subject lines and body text vary greatly.

If the attachment on the email is clicked, the virus launches, disabling any installed anti-virus software, and causing the infected computer to send similarly infected emails to every address on the hard drive.

It also tries to spread by seeking out machines on the same local network.

The mouse and keyboard may also be disabled.

But that's just the tip of the proverbial iceberg. The virus also installs the program that, on the third day of every month, will delete all MS Office, Acrobat and Photoshop files — some of the most commonly used in day-to-day work.

Apart from targeting the computer's hard drive, it's also programmed to hit external data-storage devices.

And according to experts at Verisign, the deletion program works.

The virus first appeared on January 16 but has already racked up numbers of between 300 000 and 500 000 infected machines.

It's possible to tell if you've been infected if you clicked on an email attachment and your mouse and keyboard froze, forcing you to reboot your PC.

To disinfect, reinstall an updated anti-virus program that protects against the worm and scan the system to make sure you haven’t been infected.

Even if you don’t suspect an infection, experts advise updating your anti-virus software definitions and running a full system scan to ensure you haven’t been caught out.

They also advise making regular backups of valuable files.

The virus targets the following file types:
DMP (Oracle files)
DOC (Word document)
MDB (Microsoft Access)
MDE (Microsoft Access/Office)
PDF (Adobe Acrobat)
PPS (PowerPoint slideshow)
PPT (PowerPoint)
PSD (Photoshop)
RAR (Compressed archive)
XLS (Excel spreadsheet)
ZIP (Compressed file)

How to use iPod as a Hard Drive

It's pretty easy to use your iPod as an external storage device. It effectively becomes a portable hard drive.

* Connect your iPod to your computer as usual
* Open iTunes on your computer
* Select your iPod in the source list down the left of the iTunes window.
* Click the 'iPod options' button in the lower-right corner of the window.
* Select the 'Enable disk use' checkbox. Click 'OK'. Voila
* Close iTunes

Your iPod now appears in Windows Explorer on your PC or on your Mac desktop and you can use it as you would a flash disk or any other drive on the computer.

You must always use iTunes to transfer music to your iPod, though. If you copy music files to your iPod via Windows Explorer or the Apple Finder, you won't be able to listen to those songs on your iPod.

Checking available space

Using the iPod: Go to the main menu, choose 'Settings', choose 'About'.

Using iTunes: Choose the iPod in the source list. Below the songs list you'll see bars indicating 'space used' and 'space available'.

Using your computer: Double click on the iPod in Windows Explorer or on your Mac Desktop.

Ejecting your iPod

Before ejecting it, make sure all open files on the iPod have been closed — if they haven’t you won't be able to eject the iPod.

PC: Select the iPod in Windows Explorer; right click on the iPod; choose 'eject' from the pop-up menu that appears.

Alternatively, click the ‘Safely Remove Hardware’ icon that will appear in the system tray on the bottom-right of the monitor.

(These are the same steps you'd follow when ejecting a flash disk).

Mac: Select the iPod on the desktop and drag it to the Trash.

Wednesday, February 01, 2006

Internet Explorer 7

Despite Internet Explorer’s security holes and general lack of features, Microsoft didn’t deem its users worthy enough of having an upgraded Web browser... That was until the arrival of Firefox and Opera and others like them. A year ago, Microsoft announced that they were indeed going to upgrade to IE7 for XP and Win2K users. Now, that promise has come to fruition and we get a first peek at what Microsoft’s new browser can do.

Requiring XP’s SP2, you’ll be able to get your hands on this work in progress, but thankfully for diehard Microsoft fans, you now have your very own up-to-date browser which focuses on three things: security, user interface, and an improved platform. For Security, the two changes that stand out are a built-in phishing filter and new ActiveX defaults. The phishing filter works by scanning a Web page when you browse to it and comparing it against information from Microsoft about fraudulent servers.

For the Platform changes, the one that stands out would have to be the Windows RSS Platform. According to Microsoft, it provides “rich functionality for downloading, storing and accessing RSS feeds across the entire operating system and will enable more users to take advantage of RSS-related innovation. Support for the Windows RSS Platform means that once a user subscribes to a feed in one application, that subscription and all the associated content will be made available across the operating system to any application available to make use of it.”

For the user interface, hold onto your hats folks 'cause this is huge: Microsoft has actually included, get this, Tabbed Browsing. Gasp! You also get a Favorites Center which takes the place of your old favorites.
So a quick recap:

- Built-in phishing filter and new ActiveX
- Favorites Center
- RSS Feeds
- Quick Tabs (a preview of all the available tabs. It displays thumbnail views of all the tabs in a single window.)