A New Way To Spread Viruses Using Google

This technique to spread viruses was only just discovered, and it’s clever.

Firstly it’s based on the assumption that people trust Google (which is a fair assumption since Google has done a lot to maintain good ethics and to help users avoid malware). So when people see a link to a Google site they would naturally assume it must be safe to click on.

Now someone sends you spam and in the body of the email is a link to Google’s website. The link is a clever trick that takes you to a gambling site containing a virus. How does it work?

On Google’s search engine there is a button called “I Feel Lucky”. This has been a distinctive feature of Google for many years and when you click on it, instead of showing you a page of results, it takes you directly to the first website. Now someone wishing to spread a virus just has to come up with some search terms that place their website at the top of Google’s results. Then they paste the link that created that search, with an option to take you straight to the “I Feel Lucky” link.

In short, it’s using a little known feature in Google to take you to someone else’s website, and the rest is reusing the usual spam and virus techniques.

For now this has been observed in spam emails and we should expect it to appear in other places such as websites, forum links, Facebook etc.

The best defence against this is to use a good antivirus package, one that checks webpages as well as the traditional virus checks.

It’s also good to pay attention to links before you click on them. Look out for things related to online gambling or pornography as these are the most common websites used to distribute malware.
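A mail or proxy filter can make the same check automatically. The sketch below is an added example, not code from the original article: it flags Google search links that carry the `btnI` query parameter, which is how a URL requests the “I Feel Lucky” behaviour. The host pattern and the sample message are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# google.com plus country domains such as google.co.uk (assumption: adjust to taste).
GOOGLE_HOST_RE = re.compile(r"^(www\.)?google\.[a-z.]{2,6}$")


def is_lucky_redirect(url):
    """True for a Google search URL that carries both a query (q) and btnI."""
    parts = urlsplit(html.unescape(url))  # HTML mail bodies write & as &amp;
    host = (parts.hostname or "").lower()
    if not GOOGLE_HOST_RE.match(host):
        return False  # lookalike hosts are a different problem, not this redirect
    # Parameter names are compared case-insensitively to stay conservative.
    params = {name.lower() for name in parse_qs(parts.query, keep_blank_values=True)}
    return "q" in params and "btni" in params


def find_lucky_links(body):
    """Return every URL in a message body that is a lucky-redirect link."""
    candidates = (u.rstrip(".,;)") for u in URL_RE.findall(body))
    return [u for u in candidates if is_lucky_redirect(u)]


# Constructed sample message text, not taken from a real spam run.
SAMPLE_BODY = (
    "Claim your prize: http://www.google.com/search?q=constructed+casino+terms&btnI=1.\n"
    "Ordinary search: http://www.google.com/search?q=weather\n"
    "Lookalike host: http://www.google.com.example.net/search?q=x&btnI=1\n"
)

if __name__ == "__main__":
    for link in find_lucky_links(SAMPLE_BODY):
        print("redirect-style Google link:", link)
```

A hit means only that the link lands on whatever site ranks first for the query, so treat it as a reason to inspect the destination rather than as proof of malware.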

And Google will most probably improve their systems to filter out exploits such as this one.

Harmful Websites

It seems Possibility Media’s websites have been hacked. There are a few interesting things to learn here. First have a look at the following screenshot:

[Screenshot: Possibility Media]

At the time of writing (28 Oct 2007) if you go to Google’s website and search for the term “possibility media” you’ll get the results shown above. Google found the correct website and if you look closely there’s a warning that “This site may harm your computer”. If you don’t notice this small writing and just click on the link Google will display a large warning spelling out the risks. This is a very nice security feature provided by Google. They use a 3rd party tool to analyse websites for malware and make it difficult for you to load a website that contains harmful code.

The other thing to note is that Possibility Media’s websites have been hacked and contain harmful code. It’s still unclear what damage this can do to your computer (it’s currently being investigated by antivirus companies). Some of their other websites that have also been hacked are:

  • webweekmag.com – Web Week Magazine
  • itweekmagazine.com – IT Week Magazine
  • technologyweekmag.com – Technology Week Magazine
  • theinternetstandardmag.com – The Internet Standard
  • securitystandardmag.com – Security Standard

Hopefully by the time you read this it will have been cleared up. The purpose of mentioning these websites is to point out that common websites that have completely legitimate businesses behind them are still vulnerable to malicious tampering and that it can affect pretty much everybody.

There are a couple of things you can do about this:

  • Use a good antivirus program on your computer. To be effective against this type of attack it needs to do something called “web filtering”.
  • Keep your antivirus software updated. This usually requires a paid (yearly) subscription.
  • Use an alternative web browser. I haven’t written about this yet but consider using either Firefox or Opera.

Adobe Reader Vulnerability

If you use Windows XP and have Adobe Reader version 7 – 8.1 you need to patch it. Use Adobe’s built-in patching system to update it.

The vulnerability was discovered last month and there are already exploits that can allow attackers to take over your computer. Interestingly one of the known vulnerabilities was created by a Russian online crime syndicate called RBN (Russian Business Network). They’re responsible for a large amount of online crime.

A bulletin from Adobe is here, for reference.

How many organisations get hacked? A lot.

This article explains that a large number of organisations have security breaches in their network and they mostly go unreported. This makes sense as it would be bad publicity to acknowledge that their customers’ records are vulnerable to hackers. Still it’s important for everyone to be aware how often it really happens.

It’s also important to keep in mind how much information you provide to companies. Personal details like a driver’s license number, date of birth, mother’s maiden name etc often aren’t necessary to do business with a supplier. All this information, including marketing information, is often stored for years by companies. Whether or not they have a privacy policy the information is there, and people like hackers don’t abide by privacy policies. So be aware of what information you divulge.

And it’s really up to every organisation to be accountable for their security. At the moment the laws in most countries aren’t strong enough to enforce this, so not much will change until matters get worse.

PCLive – A Free Security Suite

One of the best methods of encouraging people to upgrade their computer’s security is to provide the tools for free. This security suite, PCLive Security, bundles a free antivirus product (ClamAV), a personal firewall and a popup (and adware) blocker. I haven’t had a chance to test it but it certainly looks promising.

There’s a paid version that also offers support, a hard drive maintenance module and a file optimisation module and a few other extra features. The price is US$4.95 a month, which is on par with other packages.

There’s a review here with a response from the CEO of PCLive providing a better idea of what it can do.

Wireless Security

Wireless networks are common, especially in homes. They offer quite a few advantages (and often cause a few frustrations), and in a lot of cases it just comes built into the modem/router. It’s also another point of entry into your network (and your computer).

Risks:

The risk that a wireless network poses is mostly unseen. The more powerful and efficient the wireless equipment is, the further away it can be reached from: your neighbours, passing cars, pretty much anyone within a few hundred metres’ radius of your home or office. In fact, an office is a greater risk because there’s likely to be other offices nearby and the data accessible from an office network would be more valuable.

Solutions:

I’ll get straight to the point here. The following solutions exist. Read on to learn which ones are good to use and which are completely useless:

  • WEP [not secure]
  • WPA [secure]
  • WPA 2 [secure]

Of these only WPA and WPA2 are secure. The WEP algorithm was cracked years ago and there are easily available programs to hack into a WEP protected network. It doesn’t matter how many bits of security are used, anyone who wants to connect to your network is able to with little effort.

WPA and WPA2 can be implemented in a few ways, and for homes and small offices PSK mode is the preferred method. This uses a pre-shared key, and you should really use at least 20 random characters. Medium and large organisations should be using something called a RADIUS server.

WPA2 has a few advantages over WPA:

  • It uses a more secure algorithm, meaning it’ll be some time before someone cracks it (eg, a few years)
  • WPA is vulnerable to denial of service (DoS) attacks, meaning that more advanced hackers can make a WPA network stop working (but at the moment cannot hack into it). This would be a nuisance for home users, and more than a nuisance for business users.

So why doesn’t the whole world use WPA2? WPA2 is fairly new and not many products support it. It seems to take years for computers, phones, and other gadgets to start using new protocols.

Since WPA has been around for a few years why doesn’t everyone use that? Again when wireless networks were first introduced a large number of devices were made that only supported WEP. Manufacturers were slow to update their software, and most consumers didn’t understand wireless security and hence didn’t care if it supported WEP or WPA, so the manufacturers had little reason to provide updates.

WPA is considered secure at the time of writing (2007). When the standard was created it was rushed and the main goal was to fix security problems without having to reinvent everything. So it was a compromise and it’s only a matter of time until some clever hackers come up with a way to break it. When that happens you’ll hear about it on this site.

So in summary,

  • If all your devices (wireless router, computers, games consoles etc) support the new WPA2 then use it.
  • If all your devices support WPA but not WPA2 then use WPA and do some research every now and then to see if it’s still safe (keep reading this site).
  • If at least one of your devices is limited to the old WEP standard then you can either
    • accept that your neighbour could break into your network and use it to download or upload whatever they want, or
    • decide not to use wireless at all, or
    • replace or upgrade your devices.

If in doubt ask, or do some research.

“Microsoft Security Update” Emails

There have been some bogus emails recently with a subject of “Microsoft Security Update”. They contain a whole lot of text encouraging you to click on a link to install a security update. If you look at the email carefully you might notice that it contains a link to a website not owned by Microsoft, and instead it will attempt to download and install a virus.

How are you supposed to know it’s false? For a start Microsoft probably doesn’t know who you are or what your email address is. If you’re a home user it’s very uncommon (and unnecessary) to register your address with them. And even if you did, email is not the method Microsoft uses to advise you on updates or to distribute the updates.

For business users, you have an IT department that takes care of all updates. You shouldn’t be trying to install security updates so treat any such email as bogus.

Bottom line: delete these emails. Any good spam or virus filter should catch most of them, and it’s best to be cautious.

Protecting A Home Computer – First Steps

This article covers the most basic proactive measures you can take to protect your computer. It’s been written with a single home computer in mind – small and large offices need completely different solutions and they’ll be covered in a future article.

So you have a computer and are aware of the dangers present on the internet. You’d like to feel safe with as little effort as possible, and you’re even prepared to buy some antivirus software. Where do you start?

Anti-virus software is one line of defence, but you can’t rely on this alone. Online crime has advanced so much in the past few years that viruses are probably the least of your concerns. Nevertheless you still need an antivirus solution.

Viruses are programs that install themselves onto your computer and do something unwanted. Some are worse than others (they could delete your files, let hackers log into your computer, and copy themselves to other computers). Antivirus programs scan everything on your computer and match it against a list of known viruses – new computer viruses get created every day. So yesterday’s antivirus software won’t protect you against today’s threats (it’s a fast paced world). What you need is a way to update your antivirus software every day. This is usually called a subscription, meaning you pay an annual fee to get the latest updates every day.

Some home users have outdated antivirus software. It probably came bundled with the computer with a 3 month trial subscription, and it probably expired. Some people think it’s ok to copy antivirus programs from a friend (which is morally wrong and illegal) and without paying for the subscription it won’t protect you. Bottom line here: pay the annual subscription.

The next line of defence is protection from trojans. The simple explanation is that some programs you download (or sometimes buy) include a hidden bit that connects out to the internet and does something bad without your knowledge. There are two things you can do to prevent and control this very serious problem:

  1. Be aware of what you download. Only download programs you really need and preferably from sources you trust. Although this may sound vague it gets easier with experience.
  2. Run a personal firewall. Read below on how this can help.

A personal firewall is a program you install on your computer that stops unknown programs from connecting out to the internet. In other words, it becomes very difficult for a “bad program” to use the internet without your permission. Windows now includes a firewall program but it’s worthwhile paying for a better one.

You also need to learn to use it. In its most basic form a personal firewall will ask you for permission whenever it finds a new program (attempting to connect to the internet). If you blindly click Accept then you haven’t really achieved any better level of security. You should take a moment to read what the message says and consciously decide whether or not to allow it. Don’t fall into the habit of clicking Yes to everything. In most cases if you’re intentionally telling a program to use the internet then you would want to allow it. Again this becomes easier with experience.

Lastly, the other main line of defence for a home computer is to keep it patched. Windows is not perfect (and neither is Linux or MacOS) and the programmers generally find ways to improve security. They release a patch and it’s up to you to apply that patch to your computer. This is often automatic, and for beginners this is how you want it to work. Windows XP and Windows Vista will let you know if patches are not being applied automatically (in which case you should apply them manually at least weekly). Patches can be applied by opening Internet Explorer and selecting Windows Update from the Tools menu, then following the prompts.

In summary there are three facets to securing a home computer:

  1. Use antivirus software. It’s important that it receives updates at least daily.
  2. Use a personal firewall. Learn to read the messages it gives you and use it properly.
  3. Keep your computer patched. This can often be automatic.

I think that’s enough for now. Each of the above three areas requires further articles, and there’s still an awful lot more to be learnt. I have deliberately avoided suggesting any products. This also warrants its own article and the market changes so fast that a recommendation would be out of date fairly quickly. Expect to pay about $100 per year per computer. This is reasonable considering that a computer typically costs over $1000 and your bank account could contain significantly more.