Say whaaaaaaa?

The Enemies at our Gates


Just as we lock our homes and keep our bank PIN numbers and statements, credit cards, passports, and IC safe from other people, it is important that we do the same for our computers. The video explained how the various kinds of malware work, so you can see why it is really important to prevent malware from entering our computers, especially in this day and age, when a lot of sensitive information is stored on them.

Security mail services vendor MessageLabs reported on Monday that in January 2007, one in 93.3 e-mails (1.07 percent) comprised some form of phishing attack. There were fewer e-mails–one in 119.9, or 0.83 percent–infected with viruses.

The difference in the ratio of phishing to virus attacks is partly due to virus attacks becoming more targeted and no longer occurring as one large outbreak. This includes the recent Storm worm and Warezov attacks, according to MessageLabs.

Phishing attacks have become more sophisticated, according to MessageLabs. As online merchants and banks have shifted toward two-factor authentication, there has been a rise in sophisticated “man in the middle” phishing tools and Web sites, though such attacks are still quite rare.

Two-factor authentication often involves the user keying in pseudorandomly generated codes–for example, from a key fob–as well as entering a password. This is designed to foil attacks where information is harvested using keyloggers; the code can be used only once.

One particular form of man-in-the-middle attack tries to circumvent this by effectively hijacking a user session. Users are duped into visiting a spoofed portal, hosted on a compromised machine. Information entered, such as bank details and codes, is relayed through the compromised machine to the real bank site. Once the users have validated themselves on the real system through the compromised relay, hackers kill the user connection through the relay and take over the session.

Phishing e-mails are also becoming more personalized, according to Sunner, making such confidence tricks more believable. This includes phishers sending links to people for spoof sites of banks that the intended victims actually use, as opposed to randomly hitting a section of the population.

Here are some ways to heighten your computer’s security:

Antivirus Software - Install it and keep it up-to-date!

Most antivirus software can be set to automatically update the virus definition files and you should use this feature. If you’re using Trend Micro OfficeScan, definition files are automatically updated from the UITSC server.

Keep software, such as Microsoft XP, Microsoft Office, Internet Explorer, Mac OSX.x, and Firefox, patched and up-to-date.

Use complex passwords (see Creating Strong Passwords).

Install and use a firewall.

This is more critical for laptops that travel on and off the Tufts LAN. You can use the Microsoft firewall, located under Start, Settings, Control Panel.

Be a suspicious user.

  • Email attachments – Don’t open attachments directly from your e-mail. Instead, save them to a location on the hard drive where your virus scanner will have the opportunity to examine it before you open it.
  • Be cautious when clicking on links in emails. To preview the true link path, hover your mouse cursor above the link and look at the bottom of your email window. If the URL appears to be garbage text or includes a long string of numbers before the actual link, it’s probably not legitimate (see Phishing).


  • Never “unsubscribe” to junk by clicking a “remove me” link in an email.
    “A 2002 study performed by the FTC demonstrated that in 63% of the cases where a spam offered a “remove me” option, responding either did nothing or resulted in more email”.
  • Consider a “trash” email account to use for web registrations.
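The link check from the list above (compare what a link shows with where it really goes), automated as an added example that is not part of the original post. The function names and the sample message are constructed for illustration, and every host in it is a placeholder.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def split_host(url):
    """Return (netloc, hostname minus a leading 'www.'); empty on parse errors."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:
        return "", ""
    return parts.netloc, host[4:] if host.startswith("www.") else host

def link_warnings(href, text):
    """List the reasons a link's real target deserves suspicion."""
    netloc, host = split_host(href)
    reasons = []
    if "@" in netloc:                      # text before '@' is not the host
        reasons.append("userinfo before host")
    if host and (host.replace(".", "").isdigit() or ":" in host):
        reasons.append("numeric host")     # the "long string of numbers"
    # Compare only when the visible text itself looks like an address.
    if "." in text and " " not in text:
        shown = split_host(text if "://" in text else "//" + text)[1]
        if shown and host != shown and not host.endswith("." + shown):
            reasons.append("text shows " + shown + " but target is " + host)
    return reasons

def audit(html):
    """Map each href in an HTML message body to its warnings."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    return {href: link_warnings(href, text) for href, text in collector.links}

SAMPLE = (  # constructed message body
    '<p><a href="http://192.0.2.44/login">www.mybank.example</a></p>'
    '<a href="https://www.mybank.example/help">Help centre</a>'
    '<a href="http://www.mybank.example@phish.example/x">https://www.mybank.example</a>')
```

Calling `audit(SAMPLE)` flags the first and third links and returns an empty list for the second.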

Be a cautious Internet surfer.

  • Do not click “Yes” or “No” or “Cancel” on pop-up windows. Clicking can cause a drive-by download, where software is dropped onto your computer, without your knowledge, no matter which of the three responses you choose. Instead, find the page on the Taskbar, right-click on it and select Close.
  • Use the built-in popup blockers that come with most current Internet browsers.

Be a conservative and informed downloader.

  • If it’s free (and the site doesn’t end in .org), be suspicious.
  • Do your homework.
  • Do a search on the product/service name.
  • Look to user forums for the true story.
  • Take the time to read the license agreement – be suspicious of extremely long ones.
  • Take your time installing applications and look for tricks that ask you to sign up for email notifications or install other applications (browser toolbars, desktop weather info, etc.).

Recognizing the Signs

How can you tell if your PC has been compromised by an intrusion, virus, worm, or excessive amount of adware and spyware? The most common signs are:

  • Your browser home page has changed and reverts to the new one after reboot, even if you manually change it.
  • Mistyping a URL redirects you to an odd (sometimes pornographic) web site.
  • You have new toolbars, favorites and/or icons on your desktop without any action by you.
  • Some sites, such as Microsoft Updates or reputable antivirus and spyware removal sites no longer connect/function. Clicking their links leads you to what appear to be junk sites.
  • Tons of pop-up ads – may even pop up when you aren’t actively on the web.
  • Your PC slows to a crawl and takes forever to boot.
  • If your intrusion includes viruses, your antivirus software may also be disabled or unable to update.

Written by Jacob

April 19, 2012 at 3:37 pm

Posted in Uncategorized

One Response


  1. Thanks for every other informative blog. Where else could I get that kind of info
    written in such an ideal means? I have a mission that I am just
    now operating on, and I have been at the glance out for such information.
