Reads this if you use online banking

February 27, 2007

Ever heard of phishing? It’s the process whereby someone tries to lure you into divulging personal details, (username, password, account details etc), usually by sending you a mail that appears to come from your bank explaining that their servers are to be upgraded, and asking you to follow the link and re-enter all your details.

Well, last week a major pharming attack hit users of 65 banks in the US, Europe and Australia. Pharming is kind of a step up from phishing, because you don’t need to click on a link in an email. Basically what it does is recognise when you wype in the url for your banks site, and redirect those requests a duplicate site. In last weeks case, all the information keyed in by users was subsequently forwarded to the banks in question, which of course makes the problem harder to detect. But by the time the banks received the information entered it had already been captured by the guys behind the scam.

According to Yahoo news, target institutions included Bank of Scotland, Barclays Bank, eBay, Paypal, Discover Card & American Express.

The whole thing seems to have been launched through a trojan known as Burglar.A, which in turn downloaded a number of other Trojans. Keylog.LN, which captures keystrokes and looks for user login details, Banker.CLJ which carries out the pharming scam, FileStealer, which installs a web-server on the PC giving the authors remote control of the server, and Sters.P, designed to prevent users and programs from contacting their websites for security updates.

So overall this was a really nasty little piece of code. The Internet is a fabulous place, but to quote Hill Street Blues….Let’s be careful out there!

Advertisements

Why Nasty Hackers Target Nice PC Users!!!

February 26, 2007

Last week I was explaining to a client about how hackers operate, and they simply didn’t believe that anyone would want to hack into their systems. After all, they’re a micro-business operating in the south-east of Ireland. In global terms they are a complete non-entity.

One of the great things about the internet is that you don’t have to be a multi-national corporation to have a multi-national presence. A single PC in the kitchen can provide services to companies all over the world. And that’s what makes every PC a target for hackers. The Washinton Post reported on this last week:

“Last month, a number of anti-spam Web sites came under a sustained distributed denial of service (DDoS) attack, an electronic assault during which the attackers use thousands of compromised personal computers to overwhelm a target with so much bogus traffic that the PCs can’t accommodate legitimate visitors.

The attacks were made possible by tens of thousands – perhaps millions – of computers infected by the recent e-mail virus known as the Storm worm.”

This is just one example but it explains how important it is for every PC to be properly protected. The Storm worm is now particularly ingenious in the way it works. It hit the internet at a time when they’re were particularly bad storms raging across Europe, which helped it spread, but it can be blocked by most commercial security products.

The problem here is that people will go out and spend €1000 on a PC, and then be reluctant to spend €30 or €40 on a decent internet security product. Even the free products like avast and avg provide good levels of protection. I don’t believe that people are that stingy, so surely the problem is a lack of awareness.


Recovering deleted files that were Not backed up

February 12, 2007

I mentioned last week about how important backups are, because I have a client who has lost almost 3 years work when someone decided to do a “tidy-up” job on the server.

Well, unfortunately for my client, they hadn’t got all their data backed up. I ran a restore job and recovered a lot of the missing data, but they are still missing some important files and folders.

Tomorrow I’m heading in with some data recover tools to see if we can “un-delete” these files, but I’ve never used these products before. My message to the client was that this is a long shot but we’ll give it a go and see how we get on.

Tune in tomorrow to see how we get on. Same Bat-time. Same Bat-channel.

BTW the two products I’m trying are File Scavenger 3.1 and Stellar Phoenix (FAT & NTFS) 2.1


How To Battle Spam

February 9, 2007

I just checked my spam filtering service, and according to their website, 70% of emails passing through their scanners is identified as spam, with a further 3% flagged as viruses. MessageLabs, a leading player in this field has the number slightly lower at around 55% & 0.5% respectively.

Other industry sources, (probably with a vested interest), often report spam figures up around 90%, but even at the most conservative, it’s reasonable to say that at least 1 in every 2 emails sent is spam.

For some people, (the lucky few), this never becomes a problem, but for the rest of us it can be a real pain. So what can you do about it. Well, the easist way to combat spam is to avoid it in the first place. You can do this by being careful with your email address. Don’t put it on forms, (written or online), don’t share on the internet, don;t give it to people unless you know them very well, etc.

Great advice but not always practical. So what else can you do? Here’s 4 simple steps that can help reduce the problem.

1. Do NOT un-subscribe from an email you receive. It just lets the spammer know you exist so you will be inundated with mails

2. If you do have to fill in your email address online, check out the privacy statement on the website.

3. Read the small print before you tick (or leave blank) the box. Some of these forms are very sneaky. Like when they have two paragraphs with tick boxes. Paragraph 1 says ticking the box means you agree to receive mails etc, and paragraqph 2 says ticking the box means I do not want to receive mails. Unless you take the time to read properly you will be added to the list.

4. Implement a spam filter. It can be either a local one, (on your PC or server), or an external one, catching mails before they hit your network, or both. There are pros and cons to both options but at least use something. You will need to monitor it, particularly in the early days, but once it’s been running for a while the amount of monitoring required decreases.

Spam is becoming more and more of an issue for computer users, but there are answers out there. Don’t sit and moan, do something about it.


Anti-Virus Software V Internet Security Products

January 28, 2007

There’s a big debate going on in the computer security world at the moment about whether you are better off running different software vendor’s products for different security functions.

For example, should I use F-Secure anti-virus and Zone-Alarm firewall, or should I select a single product from F-Secure or Zone-Alarm that will do the whole lot.

The advantage of a single-vendor is that you can be sure that different products will not conflict with each other. For example, either of the two companies I referred to above operate Internet Security products that include virus protection, spyware protection, firewalls, etc. You would have no guarantees that one companies AV product will run smoothly alongside another’s Anti-Spyware program.

On the other hand, if you put all your eggs in one basket, you are at risk too, particularly as malware writers have been known to target specific security vendors.

I don’t think there is an easy answer to this. I use a mix of products I know well and trust, but many people don’t have the space and time to spend looking at different options. On that basis, I would recommend going for the Internet Security package, rather than a combination. Both F-Secure and Zone-Alarm are excellent products, though there are other good ones out there.

For info on the best security products check out the link below. Some of these are free and some are not but they are all good products that should do a decent job for you. https://simplecomputersecurity.wordpress.com/2007/01/22/best-free-stuff/


Money Money Money

January 24, 2007

I just came across this recently and decided to give it a shot. It’s basically a way to kick-start your internet business, and start earning straight away. I’ve already got an e-book written, (quick plug – check out www.secureyourbusinessnow.com), so this will compliment that and hopefully earn me a few bob extra at the same time.

You can find out about it at www.easypathtosuccess.com


Best Free Stuff

January 22, 2007

People are forever asking me whether their anti-virus or desktop firewall software is any good. Obviously I have my own preferences, and I tend to use a combination of different vendors products, but I’ve put together a list of the ones I think are the best, sorted by category. Many of these products are free for home use, or for a 60day evaluation, so use them and then decide for yourself whether they work for you.

As I said, this is my list of favorites, but I’m always interested to hear other peoples opinions, so if you have a product you think belongs on the list let me know.

The full list is available on http://www.secureyourbusinessnow.com/toolkit1.htm, and it covers anti-virus, spyware protection, desktop firewalls, spam filters and desktop backups.