
You are currently browsing the Confessions of a Network Administrator weblog archives for the day 23. May 2008.


Archive for 23. May 2008

These Days, Malware Plays Hide ‘n Seek

I was recently reading about yet another security breach that has been discovered. This time, a supermarket chain in the Northeast says that in excess of 4 million credit card numbers have been exposed… Here’s the story.

However, stories like this are no longer a big surprise… through newspaper headlines and the six o’clock news, we have been made aware of such breaches happening to the likes of TJ Maxx, Google, and the United States Navy. I am just amazed that it doesn’t happen more often… or does it?

Malware today is focused on financial gain. Long gone are the days when virus writers simply tried to outdo each other for big, glitzy headlines. Today, stealth and guile are the more important attributes of a successful attack. By not making its presence known, the malware just sits there, day in and day out, communicating with its bot master and sending him, or her, our credit card numbers, bank account information, passwords, Social Security numbers and everything else we hold dear.

I wouldn’t be at all surprised to find that 90% of the fortune 500 systems are infected by bot-net Trojans and worms.

If I were the author, I would go about it a little differently. I would write a multi-tiered Trojan with dozens of significantly different versions, much like a polymorphic virus.

My hypothetical Trojan would just sit there until a specific date and time, synchronized through NTP, then activate all copies at once. This concerted effort would be intended to initially overwhelm the defenders. As the victims became aware of the Trojan, and a method became available to remove it, the next tier would discover that fact and start its own activation timer. That way, by not activating immediately, it wouldn’t be as likely to be discovered in the recheck that inevitably follows a disinfection process. People forget quickly, it seems. When a certain time had elapsed, the process would start all over again, until all tiers had fired and delivered their payloads.

How do these machines get infected in the first place? Who knows? While the most expected methods are e-mail attachments and removable media, there are so many other avenues of attack that it is almost impossible to defend against them all. Not every infection comes from visiting porn sites or pirating software and serial numbers. Legitimate, long-established websites are now being hacked and seeded with malware, and merely browsing to one of them can result in a “drive-by” infection.

Most infections are discovered by traditional signature-based anti-malware programs, due mostly to their prevalence in the marketplace. Unfortunately, by the time the malware is discovered, the signature written, and the updated signature distributed and installed, much of the damage has already been done. An attack that strikes while no signature or fix yet exists is commonly referred to as a “Zero Day Attack”, and such attacks account for more and more malware damage. That’s why I usually suggest anti-malware programs that work on the so-called “whitelist” principle: allow known clean programs to run and deny anything that cannot be validated, whether it is infected or not. It may be a little more inconvenient, but then again so is identity theft or having your bank account drained.
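To make the difference between the two approaches concrete, here is an added example (not code from this blog or from any anti-malware product) that runs the same set of candidate programs past a signature-style blocklist and past a default-deny whitelist. It assumes that “validated” simply means the file’s SHA-256 hash is on an approved list; real products also use publisher certificates and other checks. The sample “executables” are constructed byte strings, not real malware.

```python
import hashlib

# Constructed sample "executables": short byte strings standing in for real
# program files. None of these are real malware samples.
KNOWN_GOOD = {
    "calc.exe": b"MZ\x90\x00 calc 1.0 legitimate code",
    "notepad.exe": b"MZ\x90\x00 notepad 2.3 legitimate code",
}
KNOWN_BAD = {
    "oldworm.exe": b"MZ\x90\x00 oldworm payload, signature already published",
}


def sha256_hex(data: bytes) -> str:
    """Content hash used as the identity of a program. A single changed byte
    produces a different hash, so a trojanized copy never matches the original."""
    return hashlib.sha256(data).hexdigest()


# Signature-based ("blocklist") engine: deny only what has already been seen.
BLOCKLIST = {sha256_hex(b) for b in KNOWN_BAD.values()}
# Default-deny ("whitelist") engine: allow only what has been validated.
ALLOWLIST = {sha256_hex(b) for b in KNOWN_GOOD.values()}


def blocklist_decision(data: bytes) -> str:
    return "deny" if sha256_hex(data) in BLOCKLIST else "allow"


def allowlist_decision(data: bytes) -> str:
    return "allow" if sha256_hex(data) in ALLOWLIST else "deny"


def compare_engines(samples: dict) -> dict:
    """Run both engines over candidate executables and return
    {name: (blocklist_result, allowlist_result)}."""
    return {
        name: (blocklist_decision(data), allowlist_decision(data))
        for name, data in samples.items()
    }


# Programs that show up after the engines were last updated (constructed):
CANDIDATES = {
    # untouched, previously validated program
    "calc.exe": KNOWN_GOOD["calc.exe"],
    # old worm that already has a signature
    "oldworm.exe": KNOWN_BAD["oldworm.exe"],
    # brand-new Trojan: no signature exists yet (the "zero day" case)
    "newtrojan.exe": b"MZ\x90\x00 brand new trojan loader",
    # same file name as a good program, but with code injected into it
    "calc.exe (trojanized)": KNOWN_GOOD["calc.exe"] + b"; injected loader",
    # legitimate vendor update that nobody has validated yet
    "calc.exe (vendor update 1.1)": b"MZ\x90\x00 calc 1.1 legitimate code",
}

if __name__ == "__main__":
    for name, (blk, allow) in compare_engines(CANDIDATES).items():
        print(f"{name:30s} blocklist={blk:5s} whitelist={allow}")
```

The blocklist engine waves through the new Trojan and the trojanized copy of calc.exe because it has never seen either; the whitelist engine stops both. The last row is the inconvenience the post mentions: a perfectly legitimate vendor update is also denied until someone validates it and adds its hash to the list.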

Go here to download an ebook on malware.

Next time… What IS the best defense?

Good Luck and Good Computing.

From way down in the trenches… Tom


What goes around comes around…. eKarma?

Here at my Delaware computer support business, there are few things in our world that are more painful than when a user’s PC lets them down. We would rather keep you up and running than have to fix it after it’s broken. Some people call that being proactive, but I call it plain old common sense.

We all know that computers are just an arrangement of parts, and all these parts have a finite life. Put another way, the failure rate of every computer component ever made is 100%. At some point in time, it WILL fail. Even worse, it has been my experience that they will fail you at the worst possible time… some kind of eKarma thing maybe.

Today I got a call from a user who could not find a file he had been working on. It seems he started a spreadsheet several days ago and had been adding to it ever since. Apparently he was developing some really high-powered formulas and had taken a break to rest his brain. He booted his PC, opened Excel, clicked OPEN, looked for the spreadsheet he had been working on, and it just wasn’t there. He spent an hour looking for the file before calling me. Fortunately, I was able to connect remotely and use a recovery program to find his file… Unfortunately, it wasn’t the most recent version, so he had to reconstruct about three hours of work.

The question here is… what actually happened to the file? He is a very experienced user and he swears he saved it normally… I believe him. The point I am trying to make here is, sometimes there just isn’t a good explanation for what happens… like I said… eKarma? I don’t know… do you?


Good Luck and Good Computing.

From way down in the trenches… Tom
