It seems the rainy summer has driven hackers into a frenzy over the past few months, as the number of infections seems to have spiked. During the annual Black Hat security conference in Las Vegas last week, security researcher Dan Kaminsky revealed a serious worldwide security issue in DNS, a critical Internet service. Over in San Jose, Secure Computing released its quarterly report indicating that although spam is dropping significantly, malware is on the loose. The media has been covering a DNS exploit that could bring the pain to every network if left unpatched, while MySpace and Facebook have been hit with their own special bugs.
Users beware!
The one that seems to be hitting hardest in the past few days is the bug spreading rapidly across social networking sites. Sent from one of your trusted friends, the seemingly benign message directs you to view a video. The site looks like YouTube, but it is actually hosted on a Russian server. Just visiting the site is probably harmless, but when the victim tries to play the video, the site prompts them to download and run codecsetup.exe. Once that runs, the victim's Facebook contact list is copied and the same message goes out to every contact, and so the virus spreads. Nasty stuff! I've included a screenshot (Fig. 1) of one such message that I received. I have changed the friend's name to TERRIBLE FRIEND, but in reality the photo and name would look far more convincing. Even the landing page itself copies the profile image from Facebook, making it appear that your friend posted it.
Other (hilarious) variations of the message heading include:
Norton (makers of Rogers Online Protection) has issued a bulletin indicating that the virus itself is fairly old, and current LiveUpdate definitions should quarantine the offending files. McAfee, Avast and AVG should pick this one up as well, so run your updates and scan your entire machine.
Pop-up Pustules
Let's not forget our old friend XPAntivirus, recently renamed from 2008 to 2009. It has absolutely nothing to do with Norton Antivirus or Windows XP, other than that it targets machines running the Windows operating system. This is a piece of rogue security software, written by criminals in the hope of tricking you into purchasing their "product". Fake security programs of this type spawn pop-up messages when you open your browser, warning of dire security breaches and privacy exploits, then direct you to purchase their "software" to eliminate the problem. In essence you are being extorted to make their own messages go away.
Fig. 1
These programs cannot be removed using the traditional Add/Remove Programs area of the Control Panel. The best antidote for any virus is education and prevention. If you're on a website that is asking you to install something, stop for a moment and ask yourself whether you really trust this website; a video that will only play after you run an executable is a classic lure. The two main points of infection for this exploit are fake security websites (I won't post the addresses here -- people click links) and P2P file sharing. If you're directed to one of these sites and you already have an antivirus program installed, close the web page using the X at the top right of your window. P2P file-sharing users, understand that the files traded on these services are untested, untrusted and frequently pirated. Be aware!
Cleaning up the mess
If you think you're infected, the following tools have yielded some success:
To manage your expectations, however, how well these tools work depends on the condition of your system and the type of infection you have. Even the professionals have one slip past them once in a while.

The DNS flaw Dan Kaminsky discussed at the Black Hat security conference affects the caching DNS servers (resolvers) run by ISPs and companies across the globe. DNS is the system that translates the names humans type, such as www.example.com, into the numeric address of the machine that serves the page we're requesting. The flaw, if not patched, lets an attacker poison a resolver's cache with forged answers, so that requests for a legitimate name are quietly redirected to any site the attacker wishes. In the scenarios he depicted, email could be intercepted, attachments stripped, and a virus payload sent on in their place. Recent reports indicate that over 85 percent of servers worldwide have already been patched, and the specific details of the exploit have been kept under wraps. Now is as good a time as ever to start looking at DNS alternatives like our personal favourite, OpenDNS. By opening Network Connections in Control Panel and entering the OpenDNS server numbers, you'll sidestep the risk from an unpatched ISP resolver and benefit from a set of unique features. One caveat: switching resolvers only helps if the resolver you switch to has applied the fix, so before trusting any resolver, your ISP's or a third party's, check that it randomizes the source port of its queries; DNS-OARC's test service reports this when you look up the TXT record for porttest.dns-oarc.net through that resolver.
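To make the "guess the answer" part of this concrete, here is a small simulation I've added for this post (it is not Kaminsky's code, nor any real resolver's). It models a caching resolver that accepts a reply only if the name, the 16-bit transaction ID and the destination port all match its outstanding query, keeps the bailiwick check that lets glue for ns.example.com be cached, and runs the Kaminsky trick of asking for a fresh never-seen name every round so the attacker gets a new race each time. The fixed source port of 53, the ephemeral port range, the zone example.com and the attacker address 203.0.113.9 are assumptions chosen for the model.

```python
# Toy model of the DNS cache-poisoning weakness presented at Black Hat 2008.
# Added example for this post; not code from the original article or from any resolver.
# A blind (off-path) attacker races the real nameserver by flooding a caching resolver
# with forged replies. Before the patch, resolvers sent every query from one fixed
# source port, so only the 16-bit transaction ID had to be guessed. The patch added a
# random source port per query, multiplying the guess space by roughly 64,000.
import random
from dataclasses import dataclass

TXID_BITS = 16                        # DNS transaction ID is 16 bits
FIXED_SOURCE_PORT = 53                # assumed fixed source port of an unpatched resolver
EPHEMERAL_PORTS = range(1024, 65536)  # assumed range a patched resolver picks from
ATTACKER_IP = "203.0.113.9"           # documentation address standing in for the attacker
TARGET_ZONE = "example.com"           # assumed victim zone


@dataclass
class Reply:
    """A DNS response reduced to the fields the resolver checks in this model."""
    txid: int
    dst_port: int
    qname: str
    answers: dict      # name -> address for the question itself
    additional: dict   # glue records, e.g. {"ns.example.com": ...}: what gets poisoned


def zone_of(name: str) -> str:
    """Last two labels: 'x1.example.com' -> 'example.com'."""
    return ".".join(name.split(".")[-2:])


class Resolver:
    """Caching resolver validating replies the way unpatched/patched resolvers did."""

    def __init__(self, randomize_port: bool, rng: random.Random):
        self.randomize_port = randomize_port
        self.rng = rng
        self.cache = {}
        self.outstanding = None  # (qname, txid, source port) of the in-flight query

    def query(self, qname: str) -> None:
        txid = self.rng.getrandbits(TXID_BITS)
        port = self.rng.choice(EPHEMERAL_PORTS) if self.randomize_port else FIXED_SOURCE_PORT
        self.outstanding = (qname, txid, port)

    def receive(self, reply: Reply) -> bool:
        """Accept only if name, TXID and port all match; cache in-bailiwick records."""
        if self.outstanding is None:
            return False
        if (reply.qname, reply.txid, reply.dst_port) != self.outstanding:
            return False
        zone = zone_of(reply.qname)
        for name, addr in {**reply.answers, **reply.additional}.items():
            if name == zone or name.endswith("." + zone):  # bailiwick check
                self.cache[name] = addr                     # glue for ns.<zone> passes it
        self.outstanding = None
        return True


def per_round_success(forgeries: int, randomize_port: bool) -> float:
    """Probability that one of `forgeries` random guesses matches the outstanding query."""
    space = 2 ** TXID_BITS * (len(EPHEMERAL_PORTS) if randomize_port else 1)
    return 1.0 - (1.0 - 1.0 / space) ** forgeries


def attack(randomize_port: bool, forgeries: int, max_rounds: int, seed: int = 1):
    """Kaminsky-style attack: each round asks for a never-seen name so the resolver must
    query upstream, then floods forged replies carrying poisoned NS glue.
    Returns (round number of success or None, resolver cache)."""
    resolver = Resolver(randomize_port, random.Random(seed))
    guesser = random.Random(seed + 1)
    for round_no in range(1, max_rounds + 1):
        qname = f"x{round_no}.{TARGET_ZONE}"  # fresh name: no cache hit, a new race
        resolver.query(qname)
        for _ in range(forgeries):
            # Unpatched: the attacker already knows the fixed port (e.g. from a query the
            # resolver made to a server he controls). Patched: he must guess it as well.
            port = guesser.choice(EPHEMERAL_PORTS) if randomize_port else FIXED_SOURCE_PORT
            forged = Reply(txid=guesser.getrandbits(TXID_BITS), dst_port=port, qname=qname,
                           answers={qname: ATTACKER_IP},
                           additional={f"ns.{TARGET_ZONE}": ATTACKER_IP})
            if resolver.receive(forged):
                return round_no, resolver.cache
        resolver.outstanding = None  # the real answer won this race; try another name
    return None, resolver.cache


if __name__ == "__main__":
    for patched in (False, True):
        print(f"patched={patched}: p(success per round) = {per_round_success(100, patched):.2e}")
    rounds, cache = attack(randomize_port=False, forgeries=100, max_rounds=100_000)
    print(f"unpatched resolver poisoned after {rounds} rounds: ns -> {cache.get('ns.example.com')}")
```

With 100 forged packets per race, the unpatched resolver is poisoned after a few hundred rounds (seconds of traffic), while the patched one gives the attacker a per-round chance of a few parts in a hundred million. That difference is the whole point of the port-randomization fix, and why a resolver that still answers from one fixed port is the thing to check for before trusting it.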