
Saturday, July 7, 2012

Last Minute: Checking & Fixing the DNSChanger Malware

As July 9 approaches there are still an estimated 300,000 computers on the Internet that are compromised with the DNSChanger malware suite of viruses.  I realize that the news has been covering this well, but there may still be some machines within our networks and at home that are infected.  So, provided here are some specific instructions about what you can do.

Before July 9 - Because the news is big on this, end users or family members may start to call, worried that their system may be infected and asking what they should do.
1.  Have them go to: http://dns-ok.us/ (the page checks automatically)
2.  If their system comes back clean (GREEN), then they should be ok.
3.  If their system comes back as infected (RED), proceed to the CLEAN-UP section below.
Note:  The FBI has an excellent document on manually checking for DNSChanger:
       http://www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf

July 9th and After
Scenario: Starting on 7/9, an end user calls and reports (or you experience yourself) that every web page brought up either does not connect at all or is a different page than the one originally typed.
What you should do: Disconnect the computer from the network until an IT support person can help them, or run one of the fixes below.
    Note to IT: There is a good chance that the TCP/IP stack of the machine is not functioning correctly and that remote desktop may not be working either.

DNSChanger CLEAN-UP Instructions
There are several ways to deal with this problem.
1.  Automatically clean the system with one of the following Security Fixers (make sure you've downloaded it from a clean system)
   TREND: Housecall 7.1 - http://housecall.trendmicro.com/
   SYMANTEC: Norton Power Eraser - http://security.symantec.com/nbrt/npe.aspx
   MCAFEE: Mcafee Stinger - http://www.mcafee.com/us/downloads/free-tools/stinger.aspx
   MICROSOFT: Microsoft Windows Defender Offline - http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline
   AVIRA: Avira DNS Repair Tool - http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1199

2.  Manually clean the system - You can manually reset the DNS entries in the Windows Network Control Panel.  However, there is a significant chance that a system with the DNSChanger malware on it will have other viruses and malware on it as well.  The following guide has been very helpful in cleaning infected machines of all sorts of malware and will address the DNSChanger infection as well.

Andrew K's Malware Removal Guide - http://home.comcast.net/~supportcd/MalwareRemoval.html
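As an added example (not part of the original post or of any of the tools above), the manual check described here can be scripted: read the resolvers a Windows host has configured from `ipconfig /all` output and flag any that fall inside a known-rogue address range. The ipconfig text is constructed, and the rogue range is a placeholder because the actual ranges are in the FBI document, not on this page.

```python
import ipaddress

# Constructed sample of `ipconfig /all` output from a Windows host (not a real capture).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.23
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.7
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# PLACEHOLDER range standing in for the rogue resolver ranges listed in the
# FBI document linked above; substitute the published ranges before use.
ROGUE_DNS_RANGES = [ipaddress.ip_network("203.0.113.0/24")]


def parse_dns_servers(ipconfig_text):
    """Return the resolver addresses listed after 'DNS Servers' in ipconfig output."""
    servers = []
    in_dns_block = False
    for line in ipconfig_text.splitlines():
        if "DNS Servers" in line:
            # the first resolver follows the colon that ends the dotted label
            value = line.split(":", 1)[1].strip()
            in_dns_block = True
        elif in_dns_block and line.startswith(" " * 20):
            # ipconfig indents any additional resolvers under the first one
            value = line.strip()
        else:
            in_dns_block = False
            continue
        try:
            servers.append(ipaddress.ip_address(value))
        except ValueError:
            pass  # field was not an address (e.g. blank)
    return servers


def check_dns_servers(ipconfig_text, rogue_ranges=ROGUE_DNS_RANGES):
    """Map each configured resolver to True when it falls inside a rogue range."""
    return {str(addr): any(addr in net for net in rogue_ranges)
            for addr in parse_dns_servers(ipconfig_text)}


if __name__ == "__main__":
    for server, rogue in check_dns_servers(SAMPLE_IPCONFIG).items():
        print(server, "ROGUE resolver - reset DNS settings" if rogue else "ok")
```

On a real machine, pipe the output of `ipconfig /all` into `check_dns_servers` after replacing the placeholder range; a True result means the DNS entries should be reset as described above.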

Tuesday, February 2, 2010

Twitter Users Reeling from Phishing Attack

Today the major news outlets are reporting that Twitter users are being misdirected to a fake Twitter login site.  Users of the Twitter service receive a Direct Message (DM) from another Twitter user that looks similar to this:  h--p://twitter.access-logins.com/login (- = t).  This is not a Twitter domain; it actually goes to a site registered in China:


Registrant:
  Organization   : zhang xiaohu
  Name           : zhang xiaohu
  Address        : changningzhonghuainanlu192hao
  City           : hengyangshi
  Province/State : hunansheng
  Country        : china
  Postal Code    : 421500



You may also get Direct Messages that say:
"check out this funny blog about you"
"Hey, i found a website with your pic on it... LOL check it out here"
It has been reported that these lead to fake Twitter login pages.


This phishing campaign has actually been circulating on Twitter since early January 2009.  However, it seems to be gaining momentum, and it is likely that more fake domains have been set up so that the attack can continue.  It is always a best practice, before you click a link, to verify that the destination is somewhere you want to go.  For example, the correct domain for logging into Twitter is: http://twitter.com/
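As an added illustration (not part of the original post), here is the check a browser effectively performs: extract the host the link really connects to and compare it against the genuine Twitter domain. The test URLs besides the one quoted above are constructed.

```python
from urllib.parse import urlsplit

TWITTER_DOMAIN = "twitter.com"


def connect_host(url):
    """Return the lowercase hostname a browser would connect to, or None."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        return None  # a bare word like "twitter.com" is not a URL yet
    # .hostname drops any user:pass@ prefix and :port suffix and lowercases
    return parts.hostname


def is_twitter_host(url, domain=TWITTER_DOMAIN):
    """True only when the host is the real domain or a subdomain of it.

    "twitter.access-logins.com" contains the word twitter but its registrable
    domain is access-logins.com, so it fails this check.
    """
    host = connect_host(url)
    if host is None:
        return False
    return host == domain or host.endswith("." + domain)


if __name__ == "__main__":
    for link in ("http://twitter.com/", "http://twitter.access-logins.com/login"):
        print(link, "-> genuine" if is_twitter_host(link) else "-> NOT twitter.com")
```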


Just what is Phishing? If you do a definition lookup in Google, the best answer you'll find is: "Attackers use forged websites to obtain secret passwords. The term comes from 'Password Fishing'. The Internet addresses are disguised so that they are almost identical to the originals. This mainly affects online banking access."


Here's a great video from Sophos that demonstrates a real Twitter phishing attack:

A little more detail:  Phishing is the Internet's version of a con game.  The user is duped into going to a fake site (a middle man) and presented with a screen that looks very similar to the website they were really trying to reach.  The user is then duped into filling in whatever information the attacker is trying to retrieve.  It could be bank information, personal data, or other user-specific data.  In this case, the site is trying to gather user IDs and passwords for Twitter accounts so that the attacker can basically take ownership of your Twitter account.  It's anybody's guess what they want with your Twitter account, but usually the attacker will use it to send out more Direct Messages to your followers to get at more users.  Phishing always seems to work best when the users of a particular service receive messages from folks they know and trust.  This is better known as a trusted source attack, and they are very effective.  In this "game" the more users the attacker acquires, the more power they have to leverage future attacks.


For more: 
Hacking: The Next Generation (Animal Guide), Nitesh Dhanjani, Billy Rios, Brett Hardin
http://www.cnn.com/2010/TECH/02/02/twitter.phishing/?hpt=T2
http://mashable.com/2010/02/02/twitter-under-phishing-attack/
http://www.sophos.com/pressoffice/news/articles/2009/01/twitter-phishing.html
http://en.wikipedia.org/wiki/Phishing

Thursday, January 21, 2010

Geek Squad Has A Great Video on 5 Tips to Protect Your Kids Online


Just a quick post:  From homework to video games, school-aged children are connected to the online world now more than ever. In this 2 Minute Miracle video Geek Squad Agents Josh Musicant and Eric Irish offer five simple tips to protect your children online.  They cover the following tips:




1.  Use trusted filtering software: Cyber Patrol, Norton, and Spysweeper.
2.  Maximize your current software: MS Windows and Mac OS controls.
3.  Use your wireless router: blocking websites and protecting the Access Point.
4.  Control what kids access via online gaming by using the rating system.
5.  Social networking: keep the computer in a place where you can watch your kids online.


I posted a guide to protect your kids online HERE.




Monday, January 4, 2010

AlertBoot is Giving Away 2 Laptops if they Get 5,000 twitter and 5,000 Facebook Followers



AlertBoot Full Disk Encryption announced a new promotional giveaway targeting all their followers on both the Twitter and Facebook social networks. AlertBoot wants to reach 5,000 followers on Twitter and 5,000 fans on Facebook. And to show their appreciation for spreading the word about computer security and encryption, AlertBoot will be giving away TWO NEW Sony Vaio Laptops -- one to a Twitter follower and one to a Facebook fan. Plus, each laptop will be 100% encrypted, secured, and protected by a free one-year subscription to AlertBoot Full Disk Encryption in the Cloud.

Once AlertBoot gets 5,000 followers on Twitter and 5,000 fans on Facebook, two winners (one from Facebook and one from Twitter) will be randomly selected out of all AlertBoot followers and fans. Each winner will receive a Sony Vaio [MSRP: $900] preloaded with a free 1-year subscription to AlertBoot Full Disk Encryption.

The AlertBoot "Protect Your Work" Twitter/Facebook Laptop Giveaway begins on December 25th, 2009. No purchase necessary. To enter, visit twitter.com/AlertBoot, become a follower, and tweet "I just entered to win a free encrypted laptop from @AlertBoot #AlertBootGiveAway." Or visit www.facebook.com/alertboot, become a fan, and post "I just entered to win a free encrypted laptop from @AlertBoot" on your Wall. Winners will be notified via Facebook, Twitter, or email. For complete rules, visit www.alertboot.com/rules/laptop.asp

Wednesday, December 30, 2009

Who's Behind All this Hacking - Pt. 1 - Organized Crime


Who would want to break into my home computer?
Intruders (also referred to as hackers, attackers, or crackers) may not care about your identity. Often they want to gain control of your computer so they can use it to launch attacks on other computer systems.  Having control of your computer gives them the ability to hide their true location as they launch attacks, often against high-profile computer systems such as government or financial systems. Even if you have a computer connected to the Internet only to play the latest games or to send email to friends and family, your computer may be a target.  Intruders may be able to watch all your actions on the computer, or cause damage to your computer by reformatting your hard drive or changing your data.

Many of today's intruders are sponsored by organized crime, and most of the exploits we're seeing are geared to gaining control of many thousands of machines at a time, so that your computer becomes part of an online neighborhood of sorts.  Once control is gained, your computer can be bought and sold to the highest bidder.  Your system becomes a commodity, not unlike our own homes. In fact, this online transaction is often referred to as buying and selling "Electronic Real Estate."  Today it is estimated that many millions of computers are part of this underground market and that there are whole "armies" of computers, under someone else's control, ready to wage cyber war against countries, organizations, and other online communities.

Organized Crime Hacking Intel Sheet
Motivation:  Support illegal/underground activities, cartels, and other activities like human trafficking, drug trade, terrorism, and bank/credit fraud.
Funding: Funded primarily from illegal sources (stolen credit card info, personal info, selling hacked computer bot networks). Often government involvement is "two-way".
Capabilities: Well funded/staffed efforts underway, mostly geared towards theft of financial information from direct targets, communication with actors, transfer of monies, and the masking of activities.
  • Advanced hacking techniques: infected websites, malware development, botnet creation, system cracking, USB flash drive infections, hard disk encryption cracking.
  • Data harvesting capacity: open source data gathering and correlation, system cracking and data extraction, use of keyloggers, password stealers, data capturing services, and website redirection.
  • Use of traditional espionage techniques combined with hacking.  A majority of today's botnets are designed and maintained by organized crime.  It is estimated that up to 75% of computers are infected with a virus.  Most viruses today come from organized crime.

I believe that it is NOW time to take our systems back. We need to do all we can to seize control of our systems and provide a barrier between our systems and those intent on taking them from us.  This really is a primary purpose of this site.  I want to give you the tools, links and practices that will help you fight the bad guys.

Sunday, December 27, 2009

Talk to Your Neighbors About Their Open Wireless Access Point


I've run into this several times: we've done all we can to secure our Wireless Access Point, we've added WEP or WPA, set up MAC address restrictions, etc., only to be circumvented by the fact that our neighbor's Access Point is wide open.  There are a couple of reasons for this:
  • Some folks don't care.
  • They like wide open access; it's easy and they want to offer the world their internet connection.
  • They don't know how to secure it.  I'm sure that this is the most common problem: it's just too confusing, difficult, etc.
  • They have other intentions.
A little known fact is that once a computer accesses the inside of someone's network, it becomes vulnerable to whatever is happening on that network. The traffic from all machines can be captured, operating system vulnerabilities can be exploited, and your kids (or you) can become targeted by them.  The most significant problem is that your kids are not using the infrastructure you should be providing.  You've secured yours, you've locked it down, and you control it.  They are basically "sneaking" out the window at night, using a window that someone else provided.


What should you do?
  • Find your neighbors' wireless access points yourself, and talk to them about the open ones you've found.  If you have a hard time figuring out who they are, you can detect it yourself with a number of tools. One in particular is NetStumbler, which can be used to scan your immediate area. NetStumbler gives you a signal strength meter: the stronger the signal, the closer you are.  Just use it to find the open access points.
  • Look at your kids' computers and their wireless preferences; most of the time you'll see profiles for wireless points they've accessed.  If some of these match up with the ones you found in the neighborhood, it's time for a conversation.
  • Remind your kids to use the internet connection you've provided. If you suspect that they are still using your neighbor's connection, speak with your neighbor and let them know that their connection is being used and by whom. You would probably want to highly encourage them to secure the access point.
It pays to know what's going on in your neighborhood, and who's providing points of interest for your kids.  It's kind of an electronic neighborhood watch.

Tuesday, December 15, 2009

Great Online Safety Guide for Families


Ran across this today.  It's a great source of online safety information for families.  It covers areas such as:
Different Age Levels - Elementary School Children (ages 5-7), Tween Children (8-12), Teens (13-17), and college age and beyond.
Basic Subjects - Safe browsing, protecting passwords, wireless networks, parental control software, and online faves.
Specific Risks - Internet predators, plagiarism and cheating, cyber bullying and stalking, filesharing and music/video downloading, private information and ID theft, social networking sites, porn, gambling, racism, teen online privacy, email and instant messaging, blogging, viruses, worms, spyware, and digital photography.

It's well written and is a great resource for families.  It has a great resource section too.

A must read for any family with kids on the Internet.

CLICK HERE for the Guide