Beware of Michael Jackson Malware

There has been a couple of malware attacks that have tried to use the news coverage of the death of Michael Jackson as the lure to get people infected.

The malware is a file called Michael-www.google.com.exe. This file was distributed through a site called photos-google.com, photo-msn.org, facebook-photo.net and orkut-images.com. Do not visit these sites.

When executed, Michael-www.google.com.exe drops files called reptile.exe and winudp.exe. These are IRC bots with backdoor capability. The file also shows a fake error message "Picture can not be displayed.".

The virus is detected as Trojan.Win32.Buzus.bjyo by major antiviruses.

Security for Me: Social Network Passwords for Job Applications?

A recent news article from CNN shows that the city of Bozeman, Montana, USA, has been pressured into removing an item in its background-check waiver form requesting all applicants for to disclose their account names and passwords for social networking websites such as Facebook, MySpace and Youtube.

Now, who in the right mind would do that really give up their log-in details? I bet they provide fake ones or just ignored the request...

My advice if you ever encounter this: this is privacy invasion. Do not disclose them in any way to anyone. Just reply if being asked "my personal life has nothing to do with my professional one and my private credentials are my own and they do not make subject of your concern".

It is common for employers to read applicants blogs before an interview (this happened to me also), but they usually inform you about that. This statement was addressed to me recently and it was quite pertinent: "I have read your blog located at lusuthegost.blogspot.com and saw this remark of yours ... Can you detail this for me?". That one is normal and expected especially since I have included the blog address in my CV. If you wonder why did I ever do that is because my posts are related to security, Windows and programming and it shows some community activity which counts to some extend for a job application.

Security for Me: Applications

It's time to go back to blogging, this time with a interesting topic for non-advanced users. You may ask why I link applications with security. The answer to this is simple: any application can be exploited by hackers to gain control over your computer and/or steal you confidential information. Did I said "any"? Yes, any, read on.

How do they do it?

Any application has (the technically called) buffers and stacks as part of they normal operation. If the developers of that application forget to add a test or two, the attacker can use that information and overflow them causing the content to "spill out" over the original application code. When this happens, the original code is overwritten by the malicious code and... voila!

Now... don't get paranoid and consider every application as a threat. Usually they are secured and regularly updated. Hackers tend to attack popular applications such as WinAmp, iTunes etc. because it makes sense to attack an application that is used by several million users than to attack an application that is only used by one thousand users.

However, be suspicious about your online programs (chats, browsers, file sharing etc.) and security ones (antiviruses, anti-spyware etc.) and make sure they are up-to-date always. If you wonder why I say to be suspicious about your security programs then keep in mind this: if they are not up-to-date they may not see a new threat and, worse, they can be exploited big time.

What can you do to stay protected?

Update your applications to their latest versions. Some of them provide mechanisms to automatically check for updates so leave that option active. If there is no such option in your program just remember now and then to visit the vendor site and check manually for a new version.

Alternatively, use a tool such as F-Secure Health Check (http://support.f-secure.com/enu/home/onlineservices/fshc/front.html) that provides an automated verification method. I am not affiliated in any way with them, this is not a commercial. F-Secure is a company that provides security products such as anti-viruses and it is well respected and deserves credit for their free tools.

Should I be worried?

Not really, but keep in mind those ideas and think twice before disabling automatic updates to any application and operating system... Make a habit of updating applications to the latest versions and read for yourself some security news blogs to be up-to-date with current major threats.

Security for Me: Internet Surfing

One of the biggest problems today is to surf the Internet safely. Contrary to some may think, Internet surfing is not safe unless you personally take care of some things.

Why it is unsafe? Because you can access by mistake a site that has malicious intents and that use vulnerabilities in your browser to install on your computer some viruses or spyware, to crash your system completely or to steal your credit card information or other personal data.

So you need to make it safe...

• First: always use the latest version of your browser. Internet Explorer is currently at version 7 for Windows XP and newer and it is still at version 6 for Windows 2000 and lower. However that one is safe too. Firefox updates more often, current version at the date of this post is 2.0.0.9. Other browsers also update regularly, so check their vendor sites.
• Second: always install the patches for your browser and you operating system. While browser patches are obvious in the sense that they fix problems with your browser, the operating system patches are not so obvious. In short, it may not be a problem with your browser at all, but a problem in your system that can be exploited via your browser.
• Third: install an anti-spyware and an antivirus. See my article regarding those issues at http://lusutheghost.blogspot.com/2007/11/security-for-me-antivirus-programs.html
• Forth: keep away of strange or suspicious sites. Your browser usually notifies you that a site is malicious and blocks it by default. Please read carefully what your browser is reporting before continuing. Some antispyware and antivirus software may also block some sites. Take their advice and leave that site immediately. However if the antivirus kicks in, the site is automatically blocked with no chance to continue on it, which is a good thing.

There is the myth that Internet Explorer is not as safe as Firefox. Unfortunately this is exactly backwards (but things are improving). Opera is in fact the fastest and the most secure Internet browser. Don't take my word on it (as some my say that I am a Microsoft fan...), take what experts are saying. A good article, with quality and reliable sources is http://mywebpages.comcast.net/SupportCD/FirefoxMyths.html

Another thing is to be very, very, careful when entering your credentials (passwords, credit card details etc.) in forms on various sites. Please double check the site and its intent before proceeding. There are lots of legitimate sites that for example process your credit cards in order to sell you something online, and this is good. But there are even more sites that pretend to sell you something (like man potency pills, "original" software or quality watch replicas at incredible low prices) but in fact they simply steal your information so they can empty your account. No legitimate site will ask your credit card pin code! If you encounter such site leave immediately!

Also some banks offer online banking services where you have to authenticate with either a security device (one time code generators), with security certificates or with one time scratch codes. The later are not so secure as some sites may trick you in providing the next 10 codes in order to "verify your identity". Big mistake to provide those!

Do you have any other tips? Please feel free to comment and share with everyone!

Security for Me: Antivirus Programs

I was thinking in explaining to you what an antivirus software is, but Wikipedia does it better in this article: http://en.wikipedia.org/wiki/Antivirus_software. It is an excellent one, take my word on it. Anyway, in short an antivirus software tries to detect and remove several types of malware. Therefore the best way to protect against such threats is to play a little defense on your own.

• First, whenever you install an OS, do it with the network cable (if any) disconnected! (well, unless you do a network install...). Viruses are so versatile those days that they can infect your computer while it is still installing. Yes, that does happened! No kidding! How it is that possible? Easy... The OS will activate the network card so it can set it up and configure it. The firewall is usually down and there are no patches installed at this point... This is the critical point actually.
• Second, always patch your computer! Turn on Automatic Updates in your OS! This is crucial so the updates get installed before a virus hits you on a known vulnerability. Personally, as an "advanced user" I have the Automatic Updates set to notify me about the patches but not download nor install them until I say so... This way I have a chance to review them. But I know what I am doing, and most of the people don't have a clue what a "buffer overflow that could allow remote code execution" is... So, if you fall in the second category, just leave the settings to automatic download and automatic install.
• Third, keep your firewall running! Read my article on firewalls intro: http://lusutheghost.blogspot.com/2007/07/security-for-me-firewalls.html
• Forth, keep the antivirus software running and up to date! Leave the automatically updates feature of the antivirus on! Read the instructions on how to do that (it is on by default anyway). Not sure what antivirus to use? Try AVG free. I am not affiliated with them in any way, but the product is good so I recommend it.
• Fifth, virus is not the same as spyware! So keep an antispyware program running. I recommend Spybot Search & Destroy. Again, I am not affiliated...
• And finally, keep your mouse cursor away of warning windows that pop up saying that your computer is infected so you need to download the antivirus "X" to clean it. And I mean that! There is nothing wrong with your computer. Those are misleading messages to trick you and manually download and infect yourself with a nasty piece of virus or spyware. Your antivirus software may warn you with a popup that a virus is found, BUT, it will report the file name, the virus found and will NOT instruct you to download anything!

Well... I kind of deviated from the subject, but nevertheless, this info is useful after all... So to go back to antiviruses... what defines a good antivirus? No matter which one you use, if it is up to date then it is a good antivirus! No joke about that, seriously. Keep it up to date and you won't have too much trouble...