Computer Virus and Malware

Catching up on my blog

Posted on March 14, 2010. Filed under: Computer Virus and Malware, Windows 7

I have been so busy with multiple projects lately that I have neglected to post in a while. My latest project includes building a Windows 7 image, while getting familiar with the latest Microsoft tools, the Automated Installation Kit (AIK) and the Deployment Image Servicing and Management (DISM) kit for building and servicing images.

I must say that I was getting to be so tired of MS Windows, that I was looking for opportunities to switch any desktop or server to Linux. Not that I didn’t find plenty to gripe about in Linux. Then came Windows 7 and Server 2008 and my view has changed. I have been very impressed with both. I have been running Windows 7 since its release on a 3-year-old laptop that wouldn’t run Vista. It runs at least as fast as Windows XP did on it. Did I mention that I didn’t bother to install any antivirus on it either? All I did was create an admin account, and keep other users as non admins. If any unwanted apps or malware attempted to install, I would get prompted for the admin password and I would just click cancel. No problems so far.

In an upcoming post, I plan to write more about my latest experiences with the Kace Kbox 1000 and 2000 appliances.

Stick around for more!


Another reason to switch to Linux

Posted on January 19, 2010. Filed under: Computer Virus and Malware, Linux

Over at spywareremove.com, there is an article about a NY school district getting over 3 million stolen from them via a malware infection. I particularly liked the last sentence: “…the FBI and the American Bankers Association recently recommended that online banking be made from dedicated computers, preferably not using Windows.”

http://www.spywareremove.com/security/3-million-stolen-from-ny-school-bank/


Network Incident Response and Forensics with NST

Posted on January 2, 2010. Filed under: Computer Virus and Malware, Gateway Antivirus, Linux, Network Forensics, Network Incident Response

A Systems Engineer’s job isn’t just to design systems, but also to be proactive, think about weaknesses in the system, and prevent the next big outage.

One day at the office recently, I started hearing reports of the internet connection running very slowly. Our firewall shows us overall stats, but doesn’t do a good job of showing “Top Talkers”. Actually, that feature is completely missing from it.

I was looking for a quick way to implement a monitoring system to show me who was using up the bandwidth. I also saw a need for a network forensics system to troubleshoot everything from network latency, to stopping the spread of malware. I remembered that I stumbled upon the Network Security Toolkit a while back. I was planning on evaluating it but never got around to it until now. This minor problem was the perfect thing to present to management to hopefully convince them of a need for a network monitoring system. You know how difficult it can be to get funding for anything that doesn’t contribute to the bottom line. I always look for an opening to get my company to use open source software whenever possible. This was a great opportunity.

By the time I had downloaded and burned a disc with NST, the internet latency issue was already over. Still, I went ahead with my evaluation. For the sake of brevity, I am leaving out the steps I took to create a monitor, or SPAN port on the switch. Without a monitor port on your switch, you can’t see all network traffic, only that which is addressed to your IP or MAC address, or broadcasts.

The ISO image was over a gigabyte, so it had to be burned to DVD (it can be used from a bootable USB drive as well). I used a spare laptop to boot the disc, and chose the graphical desktop from the menu options. After startup, I attempted to access the UI at URL https://<ip or domain name>/nstwui. The page wasn’t found. I realized that there weren’t any interfaces available besides lo. I ran the command “ifup eth0” and got a DHCP IP address. I tried to access the URL again but didn’t get a response. I checked the service status and found that httpd wasn’t started. I ran the command “service httpd start” and got an ok response. I was then able to access the admin UI.

NST Boot Screen

After logging in, I took the time to fully explore the web interface. I have to admit I was very impressed. It isn’t newbie simple, but this was meant to be a network analyst’s toolkit, not a newbie system. After familiarizing myself with the menus, I started up ntop and browsed to the management URL. I was able to easily drill down to see who was using up the most bandwidth and which services were running on the target computer.

While thinking about what other network issues I could solve with NST, I realized that we need to be prepared for the next big virus or worm outbreak and run an Intrusion Detection System (IDS). Fortunately, Snort is installed on NST, and was a snap to setup, but I already had some experience with Snort to start with. I recommend you try out NST in advance and get familiar with the tools BEFORE you are acting in a state of emergency. If you plan on using Snort, be sure to research how to create your own rules before the need arises. For those not already familiar with Snort, it can double as a gateway antivirus appliance if you configure it “inline”.

Snort Setup

Network Security Toolkit has many other tools installed that can be controlled in the excellent but very busy web interface. A complete list of tools included can be found here.


Switching to Linux with Puppy

Posted on January 1, 2010. Filed under: Computer Virus and Malware, Linux, Low Cost or Free

Do you need a trusted online banking environment that you can be sure is free of malware? Or maybe you are just tired of buying Windows, antivirus software, and still having to pay someone to remove viruses? Have you ever thought about switching to Linux?

Typically the Linux operating system has been considered an O.S. for computer geeks and hackers. When your Linux distribution of choice just happens to recognize all of your hardware, it really is nice. If you have to tweak your settings to get a plugin or driver to work, it can be a real headache.

I have used Puppy Linux for about two years, mainly for data recovery. When nothing else works to recover data off of a corrupted hard drive, I know that I can use Puppy to easily copy files to USB drives with ease. That has been my secret weapon for data recovery.

I have been using the same Puppy CD-ROM disk for quite a long time. It met my needs so I didn’t see the need to try the latest version. Lately a coworker needed to borrow my disk, but I had left it at home. He downloaded and burned the latest version. When I took a look, the latest Puppy version (4.2) looked very polished. After trying it myself, the main thing that stood out was that the menus and program names are arranged by verb instead of program name. This makes it perfect for a first time Linux user. You don’t have to look for a program to play a video and wonder what the names of each program mean. When you click on the start menu, the programs are named similar to “Play Video”, or “Browse the Web”, or “Read Email”.

Puppy can be run directly from the CD or installed to hard drive quickly and easily. Just boot off of the CD to try it out and see if it recognizes your computer hardware. If you like it, you can continue to run it off of the CD or install it. If you continue to run off of CD, it will save your data to USB drives or hard disk. Each time you reboot, your operating system is refreshed but your files are still there. Basically, any changes, such as a virus infection, are wiped out, that is, if you even have to worry about a virus infection in the first place, since this is rarely seen on Linux.

If you would like to be sure that you are doing online banking from a clean system, just run your operating system of choice (Windows/Linux/Mac) everyday and boot from the Puppy CD before going to your banking site. This is a great way to prevent malware keyloggers from stealing your banking credentials.


How to Prevent Computer Virus

Posted on December 31, 2009. Filed under: Computer Virus and Malware

  1. Don’t use an administrator account. In Windows Control Panel, User Accounts, create a new user named “Admin”. Admin should be the only administrative user. Change all other accounts including your own to non administrators. Malware can do a limited amount of damage if not running as admin. If you need to install anything, you will be prompted for Admin’s password. Think before you type that password in!
  2. Turn off Javascript and Flash support for untrusted sites. And NONE of them can be trusted!
  3. Ensure that Windows Automatic Updates are turned on and working.
  4. Don’t open email attachments, even from friends, unless you are expecting the attachment. When I was in the Navy, one of my coworkers got an email from our Commanding Officer with a subject of “I Love You”. He opened the email and attachment. He felt really stupid when the computer had to be wiped and everything reinstalled. The funny thing is we had already been warned not to open any suspicious email. Why would he think the C.O. would tell him he loves him?
  5. Keep your Antivirus up to date. Malwarebytes is as good as or better than any of the other antivirus products.
  6. On social networking sites such as Myspace and Facebook, think before you click. Advertisers work hard to entice you to click. That thoughtless click may get you an unwanted toolbar or browser hijack.
  7. Consider using a bootable CD-ROM like Puppy Linux to do your online banking. Any changes you make are lost each time you boot, so malware can’t remain after you reboot. Most malware these days exists to either send spam from your computer, or record your keystrokes when you log into your banking account.
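Tip 1 above can be audited and enforced from a script rather than clicking through Control Panel. The following is an added example, not code from the original post: it lists every user in the local Administrators group and, once $dryRun is flipped to $false, removes all of them except the dedicated “Admin” account (the $keep list is an assumption; it also keeps the built-in “Administrator”). It uses the WinNT ADSI provider so it works on Windows 7 with PowerShell 2.0, and it must be run from an elevated prompt.

```powershell
# Added example (not from the post): enforce "only Admin is an administrator".
# Assumptions: the dedicated admin account is named "Admin"; the built-in
# "Administrator" is kept as well (it is normally disabled on Windows 7).
$keep   = @('Admin', 'Administrator')   # accounts allowed to stay in the group
$dryRun = $true                         # set to $false to actually demote users

# Bind to the local Administrators group via the WinNT ADSI provider.
$group   = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
$members = @($group.psbase.Invoke('Members'))

foreach ($m in $members) {
    # Members come back as COM objects; read their IADs properties via reflection.
    $name  = $m.GetType().InvokeMember('Name',    'GetProperty', $null, $m, $null)
    $class = $m.GetType().InvokeMember('Class',   'GetProperty', $null, $m, $null)
    $path  = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)

    # Leave nested groups (e.g. a domain group on a domain-joined PC) alone;
    # this script only demotes individual local user accounts.
    if ($class -ne 'User') { Write-Host "skip   $name ($class)"; continue }

    if ($keep -contains $name) { Write-Host "keep   $name"; continue }

    if ($dryRun) {
        Write-Host "would remove $name from Administrators ($path)"
    } else {
        # Removing the user from Administrators leaves them in the Users group,
        # so they keep a working login but lose admin rights (tip 1).
        $group.psbase.Invoke('Remove', $path)
        Write-Host "removed $name from Administrators"
    }
}
```

Run it once with $dryRun left at $true to review the list, confirm that “Admin” is present and that you know its password, then rerun with $dryRun set to $false.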
