ERE Information Security Auditors

Posts Tagged ‘Malware’

Dark Side of Cyberspace

Wednesday, April 14th, 2010

The Toronto Star ran an informative article last week about spying on the Internet, particularly using easily accessible tools like Google, blogs and social networking sites. The article delves into cyber-spy rings like Shadows and GhostNets and mentions the upcoming global cyber security summit to be hosted by the University of Toronto this fall. You can see the article on the ERE RSS news feed at www.ere-security.ca.

The article is compelling but the message should not be news to any computer user today.  I’m not sure why anybody would be surprised that private information is stolen on the Internet after vast amounts of publicity on Identity Theft and about cyber-fraud.

So the important question is: Are you vulnerable to cyber-spying or to identity theft?

With regard to cyber-spying, the obvious question is: do you have any sensitive defense or political information worth stealing?  If the answer is “no” then we can all assume you are not being targeted by a spy-ring.

With regard to identity theft and cyber-fraud, some important questions about your computer are:

Do you update your anti-virus and anti-malware software daily?

Do you patch your operating system as soon as important security patches are available?

Do you patch your web browser with security patches as soon as they are available?

Do you avoid updating software tools such as Adobe Acrobat until the updates have been proven to not introduce security vulnerabilities?

Do you run a sweep of your computer work station with an anti-virus and anti-malware tool once a week?

Do you run a web site safety evaluation tool?

If the answer is “no” to any of the above, you probably have security weaknesses.  If you answer “no” to more than one question, you definitely want to consider improving your security procedures.

What about the answers to these questions about your cyber-behavior:

Do you open emails from sources you do not recognize?

Do you open attachments from friendly sources, without screening the attachment for malware prior to opening?

Do you visit unfamiliar web sites without first validating their safety?

Do you post on blogs or social networking sites any personal information including photographs?

Do you provide your home phone number to strangers?

Do you identify the names of your family members to strangers?

If you answer “yes” to any of these questions, you are probably jeopardizing the security and privacy of information on your workstation. If you answer “yes” to any of the last three questions, you may be putting your family members or yourself in harm’s way.

What about your cyber-housekeeping habits, such as:

Do you regularly change the password to your workstation?

Do you have a strong password for your workstation?

Do you encrypt personal information and passwords?

Do you leave unencrypted personal or sensitive information on external media?

Do you dispose of used disks and computer technology without destroying the media and memory hardware?

Do you dispose of scanner and photocopier technology without destroying the media and memory hardware?

Answering “yes” to any of the above, as you’ve already figured out, is not good for your cyber-health.

So the big question is: Do you want to greatly improve your personal cyber-security?  If yes, by now you probably have a few new specific action items to execute.

Have a secure week.

Regards, Ron Lepofsky, B.A. SC. (Mech Eng), CISSP

ERE Information Security Auditors

www.ere-security.ca

Buying Malware and other Self Destructive Behaviour

Tuesday, November 3rd, 2009


Last week I received a call from a lady requesting my assistance. Let’s call her Linda. Linda’s dilemma was that she purchased online an anti-virus package (from an unknown vendor) which delivered two surprises:

  1. It did not work.
  2. It crashed her computer. Linda was about to have her computer restored to a working order.

We reviewed the details of her transaction and her situation and I provided Linda with the following recommendations:

  1. I found the actual vendor’s web site and contact information for Linda (nothing whatsoever to do with our business), and suggested Linda contact them directly and ask for an immediate refund.
  2. We discussed the merits of her not doing anything to her computer until the issue of the refund was handled to her satisfaction.  My reasoning was that a law enforcement agency may wish to do a forensic review of her computer.
  3. Further, based upon the outcome of the refund request, we discussed Linda contacting her local law enforcement and the FBI with regard to possible fraud.
  4. Next we discussed the merits of Linda immediately reporting this transaction to her credit card company and changing her credit card number.
  5. Finally we agreed that self destructive behavior such as dealing electronically with parties unknown is to be avoided.

A few days later Linda called me again, probably with a smile on her face.  Apparently she got a full refund from the vendor, and her credit card company replaced her credit card.   So for the time being, law enforcement is out of the loop, and Linda was off to restore her computer to its previous health.

You may be wondering how Linda, who is a resident of the USA, found my company, as was I.  After doing some surfing I found a link from her vendor, which was in Europe, to a site with a somewhat similar name as our company.  Only the company in question was apparently also in Europe, not Canada, and provided no contact information whatsoever.  So Linda did a partial name search and found our company in Canada.

My last couple of blogs have dealt with the dangers of inappropriate trust on the web and how users can protect themselves. Just as you wouldn’t feel comfortable purchasing meat being sold from a stranger’s car, it seems reasonable to similarly not purchase anything from an unknown party on the web.

Have a secure week.

Regards, Ron Lepofsky, B.A. SC. (Mech Eng), CISSP

ERE Information Security Auditors

www.ere-security.ca

Malware Vectors and Remediation for Web Sites

Monday, October 19th, 2009

In last week’s blog I discussed the mitigation steps recommended for end users to protect themselves from malware in general and from drive-by malware in particular.

This week I will identify some of the most common (popular) technical malware vectors for infecting web sites, and how web site owners can protect their sites.

Technical Malware Vectors

  • SQL Injection Attack – exploits application layer security vulnerabilities in order to inject active code or change code in applications, or to attack databases directly.
  • JavaScript Injection Attack – one form of an SQL attack.
  • IFrame Injection Attack – strings or active code injected into the web page, sometimes due to poor input data validation.
  • JavaScript injection – invokes IFrames or other active code.
  • Stolen FTP Credentials Attack – uses stolen FTP credentials for the web site to gain unauthorized access.
  • Server Application Code Vulnerabilities – poorly written or not thoroughly tested code.
  • Redirect Injection Attack – takes advantage of a web page’s redirect function to send visitors to a web server of the attacker’s choice.
  • Malvertising – grabs user information even if the publisher is doing a good job. Malvertising injects dangerous code, especially where there is the opportunity for user generated.

Mitigation Steps for Web Site Owners

  • Incorporate security into application development / database access at the design stage. Do not treat application security as a bolt-on or afterthought. Put particular emphasis on data input fields.
  • Thoroughly test all data input fields and validation for input fields.  Audit all user input fields and user contribution fields by internal audit or by a group other than the developers.
  • Update and patch the Java Virtual Machine (JVM) and Java Developer Kits (JDK).
  • Ensure the integrity of any third party tools for managing a web site, even seemingly innocuous apps like traffic counters.
  • Constantly look for unauthorized changes in web site code, such as strings that cause URL redirects.  Employ tools to identify unauthorized changes in code.
  • Update and patch web server software.
  • Harden the web server platform.  Eliminate all unnecessary accounts, privileges, restrict access, and vigilantly monitor the logs for attempted but failed access, attempted unauthorized access, and of course successful unauthorized accesses.
  • Consider deploying a second layer of anti-malware monitoring and diagnostic technology that is specifically designed for web site security, with the abilities to block attack attempts, log the attempted and successful attacks, and which will generate reports and alerts.
  • Identify and remedy all network vulnerabilities for the infrastructure which houses the web site, its platform, and of course its Internet access.

  • Have an impartial set of eyes review all aspects of network security, including architecture (isolation of the web site on a DMZ, etc.), policies and the score of compliance with those policies, security architecture and how effectively it is used, event log monitoring, and, at the risk of repetition, timely and consistent upgrades and patching.
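The step above about constantly looking for unauthorized changes in web site code, and the IFrame, JavaScript and redirect injection vectors listed earlier, can be combined into one simple check. The following is an added example written for this post, not code from ERE or from any product; it hashes each page of a known-good site to build a baseline, reports files that later appear, change or disappear, and scans any changed file for a few assumed signatures of injected content (hidden iframes, remote scripts, meta-refresh and JavaScript redirects). The sample pages are constructed, and the signature list is an assumption to be tuned for a real site.

```python
from __future__ import annotations
import hashlib
import re

# Constructed sample pages: a known-good baseline and a copy of it with an
# injected zero-size iframe, the kind of unauthorized change the text warns about.
BASELINE_HTML = "<html><body><h1>Welcome</h1><p>Hello</p></body></html>"
TAMPERED_HTML = (
    "<html><body><h1>Welcome</h1><p>Hello</p>"
    '<iframe src="http://attacker.example/x" width="0" height="0"></iframe>'
    "</body></html>"
)

# Assumed signatures for commonly injected content; tune these for a real site.
SUSPICIOUS_PATTERNS = {
    "hidden iframe": re.compile(r'<iframe[^>]*(width|height)\s*=\s*["\']?0', re.I),
    "remote script": re.compile(r'<script[^>]+src\s*=\s*["\']https?://', re.I),
    "meta refresh": re.compile(r'<meta[^>]+http-equiv\s*=\s*["\']?refresh', re.I),
    "js redirect": re.compile(r'(window|document)\.location(\.href)?\s*=', re.I),
}

def sha256_text(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def build_baseline(files: dict[str, str]) -> dict[str, str]:
    """Hash every file while the site is known-good; keep the result off the web server."""
    return {name: sha256_text(body) for name, body in files.items()}

def find_injections(body: str) -> list[str]:
    """Names of the suspicious patterns present in one file's contents."""
    return [name for name, pat in SUSPICIOUS_PATTERNS.items() if pat.search(body)]

def check_site(baseline: dict[str, str], files: dict[str, str]) -> dict[str, dict]:
    """Report files that are new, modified or missing relative to the baseline,
    and scan each new or modified file for injected content."""
    findings: dict[str, dict] = {}
    for name, body in files.items():
        if name not in baseline:
            findings[name] = {"status": "new", "injections": find_injections(body)}
        elif sha256_text(body) != baseline[name]:
            findings[name] = {"status": "modified", "injections": find_injections(body)}
    for name in baseline:
        if name not in files:
            findings[name] = {"status": "missing", "injections": []}
    return findings

if __name__ == "__main__":
    base = build_baseline({"index.html": BASELINE_HTML})
    print(check_site(base, {"index.html": TAMPERED_HTML}))
```

Run it from a scheduled job that reads the live document root into the `files` mapping and alerts on any non-empty result; an unexpected "modified" or "new" entry is the signal to investigate before visitors are redirected.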

Have a secure week.

Regards

Ron Lepofsky, B.A. SC. (Mech Eng), CISSP

ERE Information Security Auditor

www.ere-security.ca

Preventative Measures for Drive-By Malware

Monday, October 12th, 2009

My last blog discussed the financial motivation for creating malware.  This article identifies preventative measures that both end users and web site managers can implement to protect all concerned from the dangers of drive-by malware.

As a brief reminder, drive-by malware is:

A download which the user indirectly authorized by clicking on a link or by being redirected to a misleading link, but without understanding the consequences. For instance the user could be installing an unknown ActiveX component or Java applet. Or any of this may happen without the user even knowing about it.

The damage occurs when the download contains spyware, a computer virus or any other kind of malware. Alternatively, the malware is downloaded through exploitation of a web browser, e-mail client or operating system bug, without any user intervention whatsoever. Websites that exploit the Windows Metafile vulnerability may provide examples of “drive-by downloads” of this sort.

Common occurrences of drive-by downloads happen when a user:

  • Visits a website.
  • Views an e-mail message.
  • Clicks on a deceptive popup window believing that, for instance, it is a bona fide message, while in fact they have just initiated a malicious software download.

Mitigation Steps Recommended for the End User

In order of simple to more complex:

  • Do not store unencrypted personal information on a workstation.
  • Use strong passwords for encryption, access to the workstation, and to any services or devices to which access would be granted by using a workstation.
  • Do not use the same password for multiple devices / services.
  • Change the passwords regularly.
  • Do not open email from unknown senders.
  • Never click on attachments or links embedded within emails, even when the emails are from friends. A friend may provide an attachment or link that, unknown to them, is infected with malware.
  • Do not go to unknown web sites that could be potentially dangerous. If in doubt about the veracity of a web site, check it against any of the published blacklists of web sites.
  • Do not assume that the web site of a small organization is less prone to malware. The trend is for criminals to install malware even on small and medium size sites.
  • Verify the certificates of web sites on which the user will be divulging confidential information and / or performing a financial transaction. Where possible, I recommend doing the transaction by telephone, unless the end user is highly confident in the identity and reputation of the web site.
  • Install an anti-malware package on each workstation.
  • Use a browser with anti-malware features.
  • Judiciously apply security patches to:
    • Anti-malware software.
    • Anti-malware features on a browser.
    • Operating system software.
    • All other application software.
  • At the very least, install a personal firewall in front of any Internet facing workstation.

My Next Blog Article

Next week I will identify some of the technical vectors used to install malware on web sites and the preventative and restorative steps web site owners can implement.

Have a secure week.

Regards,

Ron Lepofsky,

ERE Information Security Auditors.

