Posts Tagged ‘malware’

Windows Help and Support Vulnerability

Friday, July 2nd, 2010

A vulnerability has recently been discovered in the “Windows Help and Support Centre” used in Windows XP. This is the tool that offers basic assistance to users; it uses the internet to gather information and to offer advice and downloads, including drivers and updates.

The problem is that it uses the HCP protocol as well as HTTP, and it is not too fussy about the sites it connects to because it can't validate URLs properly when using the HCP protocol.

This has led to the bad boys writing websites and links that exploit this vulnerability: if a site containing this code is browsed, or a link in an email leading to it is followed, it can download its “payload” to your PC and in effect do what it wants.

There is more information here on Microsoft’s technet site if you want to learn more.

The best advice for the moment is to keep your antivirus and security software as up to date as possible. There is a workaround listed on the site that involves editing the system registry to disable the HCP protocol, but this should not be attempted by the faint-hearted; as the words of warning at the beginning of the post say, “Using registry editor can cause serious problems that may require you to reinstall your operating system”. This is not a fix, it's just a workaround until a fix is available.

The worst affected countries at the moment seem to be Portugal and Russia but it will spread.

Windows 7 is not affected by this problem.
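For anyone who wants to know whether the registry workaround mentioned above has already been applied to a machine before touching anything by hand, here is an added example (not from the original post and not Microsoft's own advisory code). It only reads the registry and exports a backup; it assumes the hcp:// handler is registered under HKEY_CLASSES_ROOT\HCP (the key the published workaround removes) and that PowerShell 2.0 is installed on the XP machine.

```powershell
# Added example, not from the original post or Microsoft's advisory: a
# read-only check of whether the hcp:// protocol handler is still registered,
# plus a backup of the key so that a manual workaround can be reversed later.
# Assumptions: the handler lives under HKEY_CLASSES_ROOT\HCP (the key the
# published workaround removes) and PowerShell 2.0 is installed on the XP machine.

function Get-HcpHandlerStatus {
    param([string]$KeyPath = 'Registry::HKEY_CLASSES_ROOT\HCP')
    if (-not (Test-Path -Path $KeyPath)) {
        return New-Object PSObject -Property @{
            Registered = $false
            Command    = $null
            Note       = 'HCP key absent: workaround applied, or not an XP/2003 machine'
        }
    }
    $command = $null
    $cmdKey = "$KeyPath\shell\open\command"
    if (Test-Path -Path $cmdKey) {
        # The unnamed "(default)" value is the program launched for hcp:// links
        $command = (Get-ItemProperty -Path $cmdKey).'(default)'
    }
    New-Object PSObject -Property @{
        Registered = $true
        Command    = $command
        Note       = 'hcp:// links are still handled; keep AV current until the fix ships'
    }
}

function Backup-HcpHandlerKey {
    # reg.exe ships with XP; the exported .reg file restores the key if double-clicked
    param([string]$OutFile = (Join-Path $env:TEMP 'HCP-handler-backup.reg'))
    & reg.exe export 'HKEY_CLASSES_ROOT\HCP' $OutFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg.exe export failed with exit code $LASTEXITCODE" }
    return $OutFile
}

$status = Get-HcpHandlerStatus
$status | Format-List Registered, Command, Note
if ($status.Registered) {
    $backup = Backup-HcpHandlerKey
    Write-Host "Registry key exported to $backup before any manual change is made."
}
```

Run it in an elevated PowerShell prompt. A report of "Registered = False" means the workaround is already in place; "Registered = True" means the machine is still relying on its antivirus until Microsoft's fix arrives, and the exported .reg file gives you a way back if the manual edit goes wrong.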

83% of small firms suffer I.T. security incidents!

Friday, May 28th, 2010

A recent survey of businesses reported that 92% of firms with more than 250 employees, and 83% of smaller firms (up to 25 employees), said they had had an I.T. related security incident of some sort in the last year. That seems a very high figure, but it's not all that surprising when you consider that most people still don't take computer security nearly seriously enough!

I am sure that a lot of the firms in the statistics above will have had some basic protection in place and a proportion of the incidents may well have been relatively minor, but a general lack of knowledge and a false belief that “they won’t be interested in my data” leads companies to neglect the security of their networks and allows others to take advantage of the fact.

We would recommend that regular reviews of network security are undertaken. Full-on security audits are perhaps a bit much for a small company, and let's be honest, penetration testing sounds painful :-( and social engineering is a bit of an overkill when there are only 30 of you in the company to start with! But there are things that you can do to improve security: look back at previous posts about stronger passwords and the one about preventing your systems from being used by spammers. Other things you should think about are what you allow your users to do on the network.

Do the users on your network need to be able to install software on their PCs? If not, then why not consider taking away their local admin rights? This will stop them from installing software that could potentially cause problems later, such as peer-to-peer file sharing or “free software” that comes with a load of viruses, and can prevent quite a few user-induced problems.

Are all the users on the network set up with the right level of access? Too few rights and they won't be able to work; too many and they will be able to see things that they shouldn't and make changes that could affect your whole network. If there are users on your network with full domain admin rights then this is probably a bad idea. Even the network administrator should have a standard logon for the day-to-day stuff and only use an admin account to log on to make system changes.

Setting up effective user groups can help with this in the long term: you can assign rights to a group such as sales, admin or management and add individual users to the groups, so that they have exactly the rights they need for the role they are performing. That makes future management much easier.

Are your firewalls set up correctly so that they only allow the traffic, both in and out, that you want to allow and block all other traffic? As they come out of the box they are quite open and need to be configured to get the best out of them, so it's worth checking that the rules are all set correctly. We can help with that; if you need help call us on 0161 941 4555.

There are lots of quite simple checks and modifications that can be made to a network to reduce the risk of becoming a victim of a security breach, so do take some advice on how to protect yourself before it's too late. You could do worse than give us a ring and have a chat.
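To turn the three questions above (local admin rights, everyday accounts that are also domain admins, and firewalls that are still on their out-of-the-box defaults) into something you can re-run every few months, here is an added example script. It is not from the original post; it assumes Windows 10 or Server 2016 or later with PowerShell 5.1 (for Get-LocalGroupMember and Get-NetFirewallProfile), the RSAT ActiveDirectory module for the domain check, and the approved-admin list and account names in it are constructed for illustration.

```powershell
# Added example, not from the original post: a quick audit of the three
# points above (local admin rights, domain admin overlap, firewall defaults).
# Assumptions: Windows 10 / Server 2016+ with PowerShell 5.1; the RSAT
# ActiveDirectory module for the domain check; the approved-admin list and
# account names below are constructed for illustration.

# Constructed: who is allowed to be in the local Administrators group
$ApprovedLocalAdmins = @(
    "$env:COMPUTERNAME\Administrator",
    'CSE-DOMAIN\Domain Admins',
    'CSE-DOMAIN\Workstation Admins'
)

function Find-UnapprovedAdmins {
    param([string[]]$Members, [string[]]$Approved)
    # -notcontains is case-insensitive; anything not on the list is returned
    $Members | Where-Object { $Approved -notcontains $_ }
}

function Get-LocalAdminAudit {
    param([string[]]$Approved)
    $members = Get-LocalGroupMember -Group 'Administrators' | ForEach-Object { $_.Name }
    Find-UnapprovedAdmins -Members $members -Approved $Approved
}

function Test-DomainAdminOverlap {
    # Everyday logons should not also be Domain Admins
    param([string[]]$DailyUseAccounts)
    if (-not (Get-Module -ListAvailable -Name ActiveDirectory)) {
        Write-Warning 'ActiveDirectory module not installed; skipping Domain Admins check'
        return @()
    }
    Import-Module ActiveDirectory
    $domainAdmins = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
        ForEach-Object { $_.SamAccountName }
    $DailyUseAccounts | Where-Object { $domainAdmins -contains $_ }
}

function Get-OpenFirewallProfiles {
    # Flags profiles that are switched off or do not block inbound traffic by default
    Get-NetFirewallProfile | Where-Object {
        ([string]$_.Enabled -ne 'True') -or ([string]$_.DefaultInboundAction -ne 'Block')
    } | Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
}

$extra = Get-LocalAdminAudit -Approved $ApprovedLocalAdmins
if ($extra) {
    Write-Host "Unapproved members of Administrators on $($env:COMPUTERNAME):"
    $extra | ForEach-Object { Write-Host "  $_" }
} else {
    Write-Host 'Local Administrators group matches the approved list.'
}

# Constructed: accounts people log on with for day-to-day work
$overlap = Test-DomainAdminOverlap -DailyUseAccounts @('jsmith', 'helpdesk')
if ($overlap) { Write-Warning "Everyday accounts that are also Domain Admins: $($overlap -join ', ')" }

$open = Get-OpenFirewallProfiles
if ($open) {
    Write-Warning 'Firewall profiles that are off or not blocking inbound by default:'
    $open | Format-Table -AutoSize
}
```

Run it from an elevated prompt on each PC (or push it out as a scheduled task). Anything it prints is a question to ask, not necessarily a problem: a contractor's account in the Administrators group may be deliberate, but it should be on the approved list if so.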

Oooops! McAfee Anti-virus update cripples PCs

Friday, April 23rd, 2010

It would appear that a mistake by McAfee, one of the largest anti-virus companies, has caused thousands of PCs around the world to fail because of a “false positive” issue, i.e. identifying a clean bit of code as infected/bad. Not a bad little virus in itself I suppose :-)

The problem occurred because an update they sent out wrongly identified a part of the Windows operating system, svchost.exe, as the wecorl.a virus. This meant that the antivirus software quarantined the file, which stopped the operating system from working and resulted in machines constantly restarting and never completing the boot sequence.

The problem was spotted quickly and McAfee have apologised for the mistake and released a fix. Of course, because the erroneous update was only in the wild for a short time, not everyone will have been affected, and it appears that the bulk of the problems were in the US... this time. This has caused McAfee a major problem and I suspect rather a few red faces as they work to help their affected customers recover. The other anti-virus companies are, in public at least, sympathetic, no doubt thinking “there but for the grace of God” etc.

So how can this happen? Well, in truth I can't say what caused this particular issue. McAfee say that there was a problem with their QA process (having made recent changes) which allowed faulty code to get into the update. However, a simple overview of how anti-virus software detects viruses might be useful here.

Viruses, like any other software, are just a bunch of code: a long string of characters. The antivirus software looks at this code and checks the character sequences against known sequences that it holds in a database. Now, if you are looking for the whole virus then you can have the AV software look for the very long sequence of characters and only identify code as a virus if it is an exact match. Fine, but what happens if the virus writer changes the code slightly and re-releases the virus as a variant? Well, some of the code will be the same, so you have to look for shorter and shorter sequences. The shorter the sequence you are looking for, the more likely it is to match a sequence in existing legitimate software, so you can see that there always needs to be a balance to ensure that the software identifies viruses positively whilst not identifying good software as a virus, a false positive.
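The balance described above is easy to see with a toy scanner. The script below is an added example (it is not McAfee's code and not from the original post): the "files" and "signatures" in it are constructed byte strings, and it shows a long signature catching only the original sample, a medium one also catching the variant, and a short one catching the variant and the legitimate system file too, which is exactly the false positive the post is about.

```powershell
# Added example, not McAfee's code or the post's own: a toy signature scanner
# showing why shorter signatures raise the false-positive rate.
# All "files" and "signatures" below are constructed byte strings.

function Find-ByteSequence {
    param([byte[]]$Data, [byte[]]$Pattern)
    # Naive subsequence search; $true if Pattern occurs anywhere in Data
    if ($Pattern.Length -eq 0 -or $Pattern.Length -gt $Data.Length) { return $false }
    for ($i = 0; $i -le $Data.Length - $Pattern.Length; $i++) {
        $match = $true
        for ($j = 0; $j -lt $Pattern.Length; $j++) {
            if ($Data[$i + $j] -ne $Pattern[$j]) { $match = $false; break }
        }
        if ($match) { return $true }
    }
    return $false
}

function Invoke-ToyScan {
    param([hashtable]$Files, [hashtable]$Signatures)
    # Every file is checked against every signature; returns one record per hit
    $hits = @()
    foreach ($sigName in $Signatures.Keys) {
        foreach ($fileName in $Files.Keys) {
            if (Find-ByteSequence -Data $Files[$fileName] -Pattern $Signatures[$sigName]) {
                $hits += New-Object PSObject -Property @{
                    Signature = $sigName
                    File      = $fileName
                    Verdict   = if ($fileName -like 'wecorl*') { 'true positive' } else { 'FALSE POSITIVE' }
                }
            }
        }
    }
    return $hits
}

$enc = [System.Text.Encoding]::ASCII
# Constructed samples: the original "virus", a slightly altered variant, and a clean system file
$files = @{
    'wecorl.a'    = $enc.GetBytes('MZ..start-service;copy-self;send-spam;end')
    'wecorl.b'    = $enc.GetBytes('MZ..start-service;copy-self;send-junk;end')   # variant
    'svchost.exe' = $enc.GetBytes('MZ..start-service;host-services;end')          # legitimate
}

# Three signatures of decreasing length for the same family
$signatures = @{
    'long (exact payload)'      = $enc.GetBytes('copy-self;send-spam')   # misses the variant
    'medium (shared behaviour)' = $enc.GetBytes('copy-self;')            # catches both, clean file safe
    'short (too generic)'       = $enc.GetBytes('start-service')         # also matches svchost.exe
}

Invoke-ToyScan -Files $files -Signatures $signatures |
    Sort-Object Signature, File |
    Format-Table Signature, File, Verdict -AutoSize
```

The short signature is the one a vendor reaches for when variants keep appearing, and the table shows the cost: it "detects" the clean file. Real scanners use far longer byte patterns plus the heuristics mentioned below, but the trade-off is the same.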

Of course there are other methods that the antivirus software packages use such as sandboxing code (allowing it to do what it wants to do in a controlled environment where it can’t get at the main system and watching to see if it tries to do something naughty) and then quarantining the code if it is likely to be a virus.

So for all of you who have not been affected, you can smile a bit, but just be aware that your antivirus software is updating several times a day, and hope that your antivirus vendor does not have a similar problem in the future.

And before signing off, in answer to those of you who are wondering if you would be better off not having any anti-virus software at all: the answer is NO.

Which web browser offers the best protection?

Thursday, April 1st, 2010

With the choice of Internet browsers available it can be difficult to know which one is best to use. In the end it comes down to a matter of personal choice of course and often not a little prejudice.

However, we came across some interesting statistics recently from NSS Labs showing how, in tests they carried out, there was a large difference across the major browsers in use at the moment. The results below are from Q3 2009, but if you want to see more information click here.

In our chart we have reproduced the results for the four most common Internet browsers: Microsoft IE8, Apple Safari 4, Google Chrome 2 and Mozilla Firefox.

The tests' aim was to determine how effective web browser protection was against two of today's most prevalent security threats, namely socially engineered malware and phishing attacks.

[Chart: Internet threat protection comparison]

So based on these test results it looks like the majority of us are right to stay with IE8 for the time being.

It goes without saying that this will not remove the need for antivirus software, keeping your operating system (see my previous blogs and these one two) updated and, perhaps most importantly of all, using your common sense, but it's good to know that there is another layer of protection there to help in the fight against malware.

Happy Easter.

Definitions of malware

Friday, October 23rd, 2009

People occasionally ask about the different types of viruses and other malware (malicious software) so I thought that it might be helpful to post a brief description of some of the more common types.

Adware – A type of advertising display software whose purpose is to deliver advertising content to the user in unexpected or unwanted ways.

BOT – Short for robot, it's a program designed to carry out tasks on behalf of its master.

BOTNET – A botnet is a group of bot-infected PCs that are all controlled by the same “command and control centre”.

Hoaxes – Usually in the form of emails telling you to do something, e.g. to check whether you have a virus by looking for a certain file and then deleting it (which is normally a system file that is required, so you end up damaging your system), or describing the “worst virus ever” and asking you to forward it to everyone in your address book. This just clogs up people's mailboxes.

Phishing – A social engineering attack which attempts to get you to divulge personal information such as passwords, account details etc.

Rootkit – A selection of tools designed to covertly maintain control of a computer.

Spyware – Software designed to track your computer use without your knowledge or permission and report back. In practice, though, the term is often used generically for any malware that is not specifically a virus.

Trojan – A program that purports to do one thing but actually does something else as well. For instance, you might download some free software from the web, but as well as that you are installing something else, perhaps a rootkit or bot, at the same time.

Virus – Viruses are programs which replicate by copying themselves into other executable code.

Worm – A type of virus, however these can replicate by themselves and do not need host files.

Malware

Sunday, October 18th, 2009

Everyone has heard of computer viruses, and yet there is still a lot of confusion about what they are and what they do. Most people still think of viruses as software designed to attack your computer, delete your data or both, and whilst this is true there is a lot more to it than that.

There are different types of malicious code to be wary of these days: viruses, spyware, trojans, keyloggers, scareware etc. These can collectively be termed malware, and you do need to be concerned. Whether it's a simple cookie making your browser take you to a specific internet site or display a popup on your screen to try and get you to buy something, or a keylogger looking to steal your credit card details, you need to take care that you don't fall victim. So make sure that your antivirus package is up to date and working correctly and that it is offering the right level of protection.

You might ask why these people write these programs. Is it a 13 year old spotty lad messing around on his computer? Well, I guess there is still an element of that; however, these days it's big business and big money for some, especially for organised criminals, from selling counterfeit goods over the internet to extortion by demanding money from companies to avoid a denial of service attack on their website (an orchestrated attack on a particular website with thousands of machines all connecting to it at once to stop legitimate customers logging in). Just imagine how much an online merchant would lose if their website was taken down for any length of time, a gambling site before the Grand National for example, and how much they might pay to avoid it.

There are many threats, but some of the most common fall under the category of trojans and bots. These are software packages that hide on your computer without you knowing (they don't want you to know that they are there), wait for instructions from their master and then act on those instructions. This may be to take part in a denial of service attack or to send bulk emails via your computer, i.e. spam; yes, people do buy the junk that comes through to the spam folder, and if you send enough then a tiny percentage of people will buy. These trojans can be asked to do almost anything: the BBC in one of their technical programmes recently carried out an experiment, bought control of thousands of computers worldwide from a website and got them to do certain things before letting people know that they had a problem. They had no idea that they were even infected.

Why not go to www.eset.co.uk/ThreatCenter/OnlineScanner for a free online scan of your computer to see if you have unwanted guests or call CSE to discuss your situation on 0161 941 4555.