Monthly Archives: January 2008

DNS Poisoning

DNS poisoning is an attack that’s becoming more widespread and it can affect most people using broadband.

Here’s a summary on what it is, how it can affect you, and what you can do about it.

Every time you use anything on the internet, including reading web pages, reading or sending emails, online chatting, etc, you use domain names (even if you don’t realise you’re using them). Domain names could be www.google.com, or www.fraudo.com, etc. They’re just addresses on the internet.

Your internet service provider (ISP) would have a machine in their network that your computer uses to look up these addresses. You won’t realise you’re using it but your computer definitely needs it (and it’s called a DNS server).

A DNS server is a phone book of web addresses.

Here’s how things work in a healthy environment:

You try to load up www.fraudo.com

  1. Your computer finds the DNS Server and asks it "where’s www.fraudo.com?"
  2. The DNS Server responds ("there it is –>")
  3. Your computer finds FraudO on the internet

All’s good and everyone’s happy browsing the internet. Along comes someone trying to hack your system. They make a change to your modem/router, telling it to use someone else’s DNS server.

How do they do this? The most common method today is viruses that break into routers and change their settings. We’ll cover these another time.

Here’s how an environment looks when it’s been DNS poisoned:

Instead of using your ISP’s DNS server, your computer is now using a bad DNS server. The bad DNS server tells your computer how to find the evil websites instead of the real ones.

If this happens, chances are you wouldn’t know how or why; it can be difficult to see what’s happening.

To prevent things like this happening here are some tips:

  • Change the password on your router. Everyone knows the default password (here’s a list of all the default passwords, find yours in the list)
  • Use a good virus scanner that scans all web pages, emails, and files
  • Keep your virus scanner up to date
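As an added example (not part of the original post), here is a small Python check for the two symptoms described above: a resolver address you never configured, and a resolver that hands back different addresses than a trusted one does. The resolv.conf text, the hostnames and the IP addresses are all constructed; the "trusted" list is whatever your ISP or router should be.

```python
"""Checks for the DNS-poisoning scenario described above.  All sample data
(the resolv.conf text and the IP addresses) is constructed for illustration."""
import ipaddress

# Constructed Unix-style resolv.conf: comments and non-nameserver keys are skipped.
SAMPLE_RESOLV_CONF = """\
# Generated by the router's DHCP lease
search home.lan
nameserver 192.168.1.1
nameserver 203.0.113.77   # a public resolver nobody configured (constructed)
options timeout:2
"""

def configured_nameservers(resolv_conf_text):
    """Return the resolver addresses listed in resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        line = line.split('#', 1)[0].strip()          # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == 'nameserver':
            try:
                servers.append(str(ipaddress.ip_address(parts[1])))
            except ValueError:
                continue                              # ignore malformed entries
    return servers

def unexpected_nameservers(configured, trusted):
    """Resolvers in use that are not in the trusted set (your ISP's or your router)."""
    trusted_set = {str(ipaddress.ip_address(t)) for t in trusted}
    return [s for s in configured if s not in trusted_set]

def divergent_answers(answers_configured, answers_reference):
    """Hostnames for which the configured resolver disagrees with a reference resolver.
    Each argument maps hostname -> set of A records returned by that resolver."""
    return sorted(
        host for host, ref in answers_reference.items()
        if set(answers_configured.get(host, ())) != set(ref)
    )

if __name__ == '__main__':
    servers = configured_nameservers(SAMPLE_RESOLV_CONF)
    print('configured:', servers)
    print('unexpected:', unexpected_nameservers(servers, ['192.168.1.1']))
    # Constructed answers: the bad resolver points www.fraudo.com at a different host.
    poisoned = {'www.fraudo.com': {'198.51.100.10'}, 'www.example.com': {'192.0.2.20'}}
    reference = {'www.fraudo.com': {'198.51.100.5'}, 'www.example.com': {'192.0.2.20'}}
    print('divergent:', divergent_answers(poisoned, reference))
```

In practice you would feed `divergent_answers` the records returned by your configured resolver and by a resolver you trust; a hostname showing up in the result is exactly the "bad DNS server" picture from the post.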

Critical Microsoft Patch

A new flaw has been discovered in Windows that Microsoft regards as critical, and they’ve released a patch to fix it. If your computer(s) use any of the following, you need to install the patch now.

  • Windows Vista
  • Windows XP
  • Windows Server 2003

That should cover pretty much everyone using Windows at home and at work, on both servers and PCs.

To apply the patch use Windows Update in Internet Explorer (in the Tools menu), or if your computer is set to automatically download and apply patches then it’ll be applied automatically overnight.

This one’s pretty serious so don’t delay. More information on Microsoft’s web site.

iPhone Trojan

There’s an iPhone download available on the internet that is actually a trojan. Once installed, it seems to cause problems on the phone when you try to remove it.

It’s called the iPhone firmware 1.1.3 prep tool, and people are being told it’s required before they can upgrade to version 1.1.3 of the iPhone. Do not install this application, just ignore it.

Update: it seems this utility was written by an 11-year-old.

New MSN Virus – New Year Photos

Another virus/worm has been spreading on MSN Messenger (also called Windows Live Messenger). It sends you a message with some text encouraging you to download some photos, then it sends you a file called:

Photos1-2008.zip

This zip file contains the virus. Ignore any messages you get with a file with the above name.

Can Apples be more secure?

The US Army has been upgrading its servers and workstations to Macs and claims they’re harder to hack (i.e. they’re more secure).

The primary reason they state is that fewer attacks are written for Macs than for Windows. This seems true for now.

One common weakness between all operating systems (Mac, Windows, Linux, etc) is the user. People can be tricked into clicking on things or carrying out other hazardous tasks no matter what computer they use (this is where security education comes in).

More details here.

Identity Theft From Call Centres

Identity theft can happen in many ways. Before computers people just stole mail from letterboxes and documents from people’s wallets (watch the movie Catch Me If You Can for an example).

Then, when the internet came along, criminals started tricking people into handing over personal details, or employing hackers to write spyware that achieves the same result.

A new identity theft trend is emerging from call centres. Staff working at call centres have access to the personal details of a lot of customers, and since a lot of call centres have been outsourced to countries such as India, the Philippines, etc, companies are having a difficult time keeping things under control.

There’s an article here that mentions a few of the crimes happening in call centres. In summary:

  • Using mobile phones to take screenshots
  • Quickly copying people’s details into hidden books
  • Using USB drives to copy data

Theft of personal information is serious. The information can be easily sold, especially if staff feel they’re underpaid (a likely situation for overseas call centres).

It’s good to remember that in this day and age your personal details can be known to many parties, there isn’t much that’s still personal or secret. Be selective in what information you give to companies. And as mentioned previously don’t give personal details to call centre staff when they call you (instead of you calling them).

Ichitaro Exploit

It’s worth pointing out that malware exists in every country and in every language. An exploit for a Japanese word processor called Ichitaro has been found.

When Ichitaro is used to open a malicious .JTD file on Windows XP (with Service Pack 2 and running in Japanese), it’s possible for someone else to take control of the computer.

A patch was recently released by the manufacturer of Ichitaro; apply it from JustSystem’s website here.

Fake Security Renewals

There’s a trojan that has a tricky way of extorting money from users. It begins with a computer being infected with this particular trojan.

Then it shows an image on your screen (that won’t go away) telling you that you need to renew your security software (whether or not you actually have security software doesn’t matter; the screen is fake). It gives you two options to pay for an update, both of which are part of the scam: the money goes into the pockets of the people who have spread this trojan.

Method 1: it asks you to send an SMS to a premium service, which costs you £10 (or the equivalent in your currency).

Method 2: it asks you to call a phone number, which is also a premium service and costs you the equivalent of US$35 (different prices and currencies in different countries).

Have a look at the screen-shots on this web page to recognise the fake renewal request.

The message reads (complete with spelling errors):

Browser Security and Antiadware Software component license exprited! Surfing PORN, ADULT and some other kind of sites you like without this software is dangerows and threatens with infection of your computer by harmful viruses, adware, spyware, etc… You strongly need to update your software to avoid infection and losting information from your computer. Please complete procedure of software update

If you come across this, or any other similar scam never ever pay them any money, or call the supplied phone number or SMS (otherwise you’ll be out of pocket a small amount of money).

Penny Stock Scams Now Using Videos

The penny stock scam involves convincing people that a particular share is worth investing in, and in effect inflating the price on the stock market.

It’s a scam and you shouldn’t be taking financial advice from random strangers on the internet.

In the past I’ve written about mp3s being used to send this scam. Now scammers have created videos to spread their (false) messages. The videos (usually 30 or 60 seconds long) appear highly professional in quality, and come attached to an email.

Notes:

  • This scam is also called a pump-and-dump scam
  • These emails have been found to begin with the words "Jump on the wave" or "Take a look at this 60 second video to start"
  • Other forms of this scam use synthesised speech, PDF documents and Excel spreadsheets to promote their stock.
  • In September last year some individuals pleaded guilty to this type of scam; they had made over US$20 million from it.