The cyber threat is no longer limited to your office network and work persona. Adversaries realize that targets are typically more vulnerable when operating from their home network since there is less rigor associated with the
protection, monitoring, and maintenance of most home networks. Home users need to maintain a basic level of network defense and hygiene for both themselves and their family members when accessing the Internet.

Host-Based Recommendations

Windows Host OS

1. Migrate to a Modern OS and Hardware Platform
Both Windows 7 and Vista provide substantial security enhancements over earlier Windows workstation operating systems such as XP. Many of these security features are enabled by default and help prevent many common attack
vectors. In addition, implementing the 64-bit mode of the OS on a 64-bit hardware platform substantially increases the effort of an adversary to attain a system or root compromise. For any Windows-based OS, verify that Windows Update is configured to provide updates automatically.

2. Install a Comprehensive Host-Based Security Suite
A comprehensive host-based security suite provides support for anti-virus, anti-phishing, safe browsing, Host-based Intrusion Prevention System (HIPS), and firewall capabilities. These services work collaboratively to provide a layered defense against most common threats. Several security suites today provide access to a cloud-based reputation service for leveraging corporate knowledge and history of malware and domains. Remember to enable any
automated update service within the suite to keep signatures up-to-date.

3. Limit Use of the Administrator Account
The first account that is typically created when configuring a Windows host for the first time is the local administrator account. A nonprivileged “user” account should be created and used for the bulk of activities conducted on the host to include web browsing, email access, and document creation/editing. The privileged administrator account should only be used to install updates or software, and reconfigure the host as needed. Browsing the web or reading email as an administrator provides an effective means for an adversary to gain persistence on your host. Within Vista or Windows 7, administrative credentials can be easily accessed by right clicking on any application, selecting the “Run as Administrator” option, then providing the appropriate administrator password. Furthermore, all passwords associated with accounts on the host should be at least 10 characters long and be complex (include upper case, lower case, numbers, special characters).

4. Use a Web Browser with Sandboxing Capabilities
Several currently available third party web browsers now provide a sandboxing capability that can contain malware during execution thereby insulating the host operating system from exploitation. Most of these web browsers also provide a feature to auto-update or at least notify you when updates are available for download. Also, promising approaches that move the web browser into a virtual machine (VM) are starting to appear on the market but are not yet ready for mass consumer use.
5. Update to a PDF Reader with Sandboxing Capabilities
A sandbox provides protection from malicious code that may be contained in a PDF file. PDF files have become a popular technique for delivering malicious executables. Several commercial and open source PDF readers now provide sandboxing capabilities as well as block execution of embedded URLs (website links) by default.
6. Migrate to Microsoft Office 2007 or Later
If using Microsoft Office products for email, word processing, spreadsheets, presentations, or database applications, upgrade to Office 2007 or later and its XML format for storing documents. By default, the XML file formats do not execute embedded code when opened within Office 2007 or later products thereby protecting the user from malicious code delivered via Office documents. The Office 2010 suite also provides “Protected View” mode which opens documents in read-only mode thereby potentially minimizing the impact of a malicious file.
7. Keep Application Software Up-to-Date
Most home users do not have the time or patience to verify that all applications installed on their workstation are fully patched and upto- date. Since many applications do not have an automated update feature, attackers frequently
target these applications as a means to exploit a targeted host. Several products exist in the market which will quickly survey the software installed on your workstation and indicate which applications have reached end-of-life,
require a patch, or need updating. For some products, a link is conveniently provided in the report to download the latest update or patch.
8. Implement Full Disk Encryption (FDE) on Laptops
Windows 7 Ultimate as well as Vista Enterprise and Ultimate provide support for Bitlocker Full Disk Encryption (FDE) natively within the OS. For other versions of Windows, third party FDE products are available that will help prevent data disclosure in the event that a laptop is lost or stolen.
Apple Host OS
1. Maintain an Up-to-Date OS
Configure any Mac OS X system to automatically check for updates. When notified of an available update, provide privileged credentials in order to install the update. The Apple iPad should be kept up-to-date as well and requires a physical connection (e.g., USB) to a host running iTunes in order to receive its updates. A good practice is to connect the iPad to an iTunes host at least once a month or just prior to any travel where the iPad will be used.
2. Keep Third Party Application Software Up-to-Date
Periodically check key applications for updates. Several of these third party applications may have options to automatically check for updates. Legacy applications may require some research to determine their status.
3. Limit Use of the Privileged (Administrator Account)
The first account that is typically created when configuring a Mac host for the first time is the local administrator account. A non-privileged “user” account should be created and used for the bulk of activities conducted on the host
to include web browsing, email access, and document creation/editing. The privileged administrator account should only be used to install updates or software, and reconfigure the host as needed. Browsing the web or reading email as an administrator provides an effective means for an adversary to gain persistence on your host.
4. Enable Data Protection on the iPad
The data protection feature on the iPad enhances hardware encryption by protecting the hardware encryption keys with a pass code. The pass code can be enabled by selecting “Settings,” then “General”, and finally “Pass
code.” After the pass code is set, the “Data protection is enabled” icon should be visible at the bottom of the screen. For iPads that have been upgraded from iOS 3, follow the instructions at: http://support.apple.com/kb/HT4175.
5. Implement FileVault on Mac OS Laptops
In the event that a Mac laptop is lost or stolen, FileVault (available in Mac OS X, v10.3 and later) can be used to encrypt the contents of a user’s home directory to prevent data loss.
Network Recommendations
1. Home Network Design
The Internet Service Provider (ISP) may provide a cable modem with routing and wireless capabilities as part of the consumer contract. To maximize the home user’s administration control over the routing and wireless device, deploy a separate personally-owned routing device (a) that connects to the ISP provided router/cable modem. Figure 1 depicts a typical home network configuration that provides the home user with the network infrastructure to
support multiple systems as well as wireless networking and IP telephony services (b).

figure 1

2. Implement WPA2 on Wireless Network
The wireless network should be protected using Wi-Fi Protected Access 2 (WPA2) instead of
WEP (Wired Equivalent Privacy). Using current technology, WEP encryption can be broken in minutes (if not seconds) by an attacker, which afterwards allows the attacker to view all traffic passed on the wireless network. It is important to note that older client systems and access points may not support WPA2 and will require a software or hardware upgrade. When researching for suitable replacement devices, ensure that the device is WPA2-Personal certified.
3. Limit Administration to Internal Network
Administration of home networking devicesshould be from the internal-facing network. When given the option, external remote administration should be disabled for network devices. Disabling remote administration
prevents an attacker from changing and possibly compromising the home network.
4. Implement an Alternate DNS Provider
The Domain Name Servers (DNS) provided by the ISP typically don’t provide enhanced security services such as the blocking and blacklisting of dangerous and infected web sites. Consider using either open source or commercial DNS providers to enhance web browsing security.
5. Implement Strong Passwords on all Network Devices
In addition to a strong and complex password on the wireless access point, a strong password
needs to be implemented on any network device that can be managed via a web interface. For instance, many network printers on the market today can be managed via a web interface to configure services, determine job status, and enable features such as email alerts and logging.
Operational Security (OPSEC)/Internet Behavior Recommendations
1. Traveling with Personal Mobile Devices
Many establishments (e.g., coffee shops, hotels, airports, etc.) offer wireless hotspots or kiosks for customers to access the Internet. Since the underlying infrastructure is unknown and security is often lax, these hotspots and
kiosks are susceptible to adversarial activity. The following options are recommended for those with a need to access the Internet while traveling:

a. Mobile devices (e.g., laptops, smart phones) should
utilize the cellular network (e.g., mobile Wi-Fi, 3G or 4G
services) to connect to the Internet instead of wireless
hotspots. This option often requires a service plan with a
cellular provider.
b. Regardless of the underlying network, users can setup
tunnels to a trusted VPN service provider. This option can
protect all traffic between the mobile device and the VPN
gateway from most malicious activities such as monitoring.
c. If using a hotspot is the only option for accessing
the Internet, then limit activities to web browsing. Avoid
accessing services that require user credentials or entering
personal information.
Whenever possible, maintain physical control over mobile devices while traveling. All portable devices are subject to physical attack given access and sufficient time. If a laptop must be left behind in a hotel room, the laptop should be powered down and have Full Disk Encryption enabled as discussed above.

2. Exchanging Home and Work Content Government maintained hosts are generally configured more securely and also have an enterprise infrastructure in place (email filtering, web content filtering, IDS, etc. ) for preventing
and detecting malicious content. Since many users do not exercise the same level of security on their home systems (e.g., limiting the use of administrative credentials), home systems are generally easier to compromise. The forwarding of content (e.g., emails or documents) from home systems to work systems either via email or removable media may put work systems at an increased risk of compromise. For those interactions that are solicited and expected, have the contact send any work-related correspondence to your work email account.
3. Storage of Personal Information on the Internet
Personal information which has traditionally been stored on a local computing device is steadily moving to the Internet cloud. Examples of information typically stored in the cloud include webmail, financial information, and personal information posted to social networking sites. Information in the cloud is difficult to remove and governed by the privacy policies and security of the hosting site. Individuals who post information to these webbased services should ask themselves “Who will have access to the information I am posting?” and “What controls do I have over how this information is stored and displayed?” before proceeding. Internet users should also be aware of personal information already published online by periodically searching for their personal information using popular Internet
search engines.
4. Use of Social Networking Sites
Social networking sites are an incredibly convenient and efficient means for sharing personal information with family and friends. This convenience also brings some level of risk; therefore, social network users should be cognizant of what personal data is shared and who has access to this data. Users should think twice about posting information such as address, phone number, place of employment, and other personal information that can be used to target or harass you. If available, consider limiting access to posted personal data to “friends only” and attempt to verify any new sharing requests either by phone or in person. When receiving content (such as third-party applications) from friends or new acquaintances, be wary that many recent attacks have leveraged the ease with which content is generally accepted within the social network community. This content appears to provide a new capability, when in fact there is some malicious component that is rarely apparent to the typical user. Also, several social networking
sites now provide a feature to opt-out of exposing your personal information to Internet search engines. A good recommendation is to periodically review the security policies and settings available from your social network
provider to determine if new features are available to protect your personal information.
5. Enable the Use of SSL Encryption
Application encryption (also called SSL or TLS) over the Internet protects the confidentiality of sensitive information while in transit. SSL also prevents people who can see your traffic (for example at a public WiFi hotspot) from being able to impersonate you when logging into web based applications (webmail, social networking sites, etc.). Whenever possible, web-based applications such as browsers should be set to force the use of SSL. Financial institutions rely heavily on the use of SSL to protect financial transactions while in transit. Many popular applications such as Facebook and Gmail have options to force all communication to use SSL by default. Most web browsers provide some indication that SSL is enabled, typically a lock symbol either next to the URL for the web page or within the status bar
along the bottom of the browser.
6. Email Best Practices
Personal email accounts, either web-based or local to your host, are common attack targets. The following recommendations will help reduce your exposure to email-based threats:
a. In order to limit exposure both at work and home,
consider using different usernames for home and work
email addresses. Unique usernames make it more difficult
for someone targeting your work account to also target you
via your personal accounts.
b. Setting out-of-office messages on personal email
accounts is not recommended, as this can confirm to
spammers that your email address is legitimate and also
provide awareness to unknown parties as to your activities.
c. Always use secure email protocols if possible when
accessing email, particularly if using a wireless network.
Secure email protocols include Secure IMAP and Secure
POP3. These protocols, or “always use SSL” for web-based
email, can be configured in the options for most email
clients. Secure email prevents others from reading email
while in transit between your computer and the mail server.
d. Unsolicited emails containing attachments or links
should be considered suspicious. If the identity of the
sender can’t be verified, consider deleting the email without
opening. For those emails with embedded links, open your
browser and navigate to the web site either by its wellknown
web address or search for the site using a common
search engine. Be wary of an email requesting personal
information such as a password or social security number.
Any web service that you currently conduct business with
should already have this information.

7. Password Management
Ensure that passwords and challenge responses are properly protected since they provide access to large amounts of personal and financial information. Passwords should be strong, unique for each account, and difficult to guess. A strong password should be at least 10 characters long and contain multiple character types (lowercase, uppercase, numbers, and special characters). A unique password should be used for each account to prevent an attacker from gaining access to multiple accounts if any one password is compromised. Disable the feature that allows programs to remember passwords and automatically enter them when required. Additionally, many online sites make use of password recovery or challenge questions. The answers to these questions should be something that no one else would know or find from Internet searches or public records. To prevent an attacker from leveraging personal information about yourself to answer challenge questions, consider providing a false answer to a fact-based question, assuming the response is unique and memorable.
8. Photo/GPS Integration
Many phones and some new point-and-shoot cameras embed the GPS coordinates for a particular location within a photo when taken. Care should be taken to limit exposure of these photos on the Internet, ensure these photos can only be seen by a trusted audience, or use a third-party tool to remove the coordinates before uploading to the Internet. These coordinates can be used to profile the habits and places frequented for a particular individual, as well as provide near-real time notifications of an individual’s location when uploaded directly from a smart phone. Some
services such as Facebook automatically strip out the GPS coordinates in order to protect the privacy of their users.

Enhanced ProtectionRecommendations
The following recommendations require a higher level of administrative skills to implement and maintain on home networks than the previous recommendations. These recommendations provide additional layers of security but may impact your web browsing experience or require some iteration to adjust settings to the appropriate thresholds.
1. Enhanced Wireless Router Configuration Settings
Additional protections can be applied to the wireless network to limit access. The following security mechanisms do not protect against the experienced attacker, but are very effective against a less experienced attacker.
a. MAC address or hardware address filtering enables the
wireless access point to only allow authorized systems to
associate with the wireless network. The hardware address
for all authorized hosts must be configured on the wireless
access point.
b. Limiting the transmit power of the wireless access
point will reduce the area of operation (signal strength)
of the wireless network. This capability curtails the home
wireless network from extending beyond the borders of a
home (e.g., parking lot or adjacent building).
c. SSID cloaking is a means to hide the SSID, the
name of a wireless network, from the wireless medium.
This technique is often used to prevent the detection of
wireless networks by war drivers. It is important to note
that enabling this capability prevents client systems from
finding the wireless network. Instead, the wireless settings
must be manually configured on all client systems.
d. Reducing the dynamic IP address pool or configuring
static IP addresses is another mechanism to limit access
to the wireless network. This provides an additional layer
of protection to MAC address filtering and prevents rogue
systems from connecting to the wireless network.
2. Disable Scripting Within the Web Browser
If using third party web browsers such as Firefox or Chrome, use NoScript (Firefox) or NotScript
(Chrome) to prevent the execution of scripts from untrusted domains. Disabling scripting can cause usability issues, but is an effective technique to reduce web bourne attacks.
3. Enable Data Execution Prevention (DEP) for all Programs
By default, DEP is only enabled for essential Windows programs and services. Some third party or legacy applications may not be compatible with DEP, and could possibly crash when run with DEP enabled. Any program that requires DEP to execute can be manually added to the DEP exemption list, but this requires some technical expertise.

See the full article from zdnet here>>

The Internet world continues to get bigger by the day and with that comes people who will try and take advantage of you. Some will try to steal your passwords, banking information, as well as your identity. Identity theft is one of the biggest problems the average person deals with online. This article will outline some tips on how to protect yourself online from these seedy characters.

One of the easiest ways to protect yourself online is by having your computer’s operating system updated. Many times we get lazy and do not have the protection on the computer like we should. Always have your firewall turned on, and anti-virus programs running and updated. This will go a long way in helping protect you when you’re online. Run a full system scam at least once a month.

Change your password often and stay away from family names. Many times we use birthdays or family member names as passwords. Try to stay away from this. Thieves understand this and you become more vulnerable if you do this. Use numbers and letters together preferably at least eight characters. Another tip to remember is do not use the same password for all your accounts.

Do not open attachments from people you do not know. Even if you do know them always scan the attachments before downloading them. This protects you and any chance that your computer could be infected.

Watch for fake emails from banks, and credit card companies. Thieves can create great emails that look like they came from your bank or credit card company. It is called Phising. This is a major problem online and one you will need to watch carefully. Phising uses an email link to take you to a website that is an exact copy of one you do business at. Once you input your log in information the thieves steal it and can access your account. It’s always best to go to your Bank or credit card company website and never through an email link.

source: http://www.web-tech-rus.org/tips-to-help-protect-yourself-online.html

Computers have become such an important part of our lives – for accessing information, keeping in touch with friends and family, shopping, working, and other activities – that it’s easy to overlook the risks of using them. We rely on computers so much that many of us neglect the importance of PC security to keep our passwords, credit card numbers, and other personal information safe from identity thieves.

To help keep your computer and information safe, we’ve compiled a list of seven computer security tips to follow that can reduce your chances of being an identity theft victim by enhancing your PC’s security:

1. Never open unsolicited e-mail.

Always delete unsolicited e-mail, and never, ever, click on a link in an e-mail from someone you don’t know. Doing so could infect your computer with a virus.

2. Use strong passwords that are impossible for a thief to guess.

Use a different password for each login, and make sure that each password is a combination of upper- and lowercase letters, numbers, and symbols. People who use the same passwords for everything make it easy for thieves to steal their identities.

3. Install antivirus software and keep it updated.

There are many good antivirus programs online that people can download free or for a donation. Download at least three, run them at least once a week, and keep them updated.

4. Protect your computer with a firewall.

A computer firewall creates a virtual wall between your computer and thieves who want to access your personal information. Hardware and software firewalls help keep your computer safe when you’re online.

5. Don’t share your personal information online.

Social networks are fun and great for connecting with friends, but thieves use them to trick people into providing their personal information. You wouldn’t share your private information with a stranger on the street, so don’t share it with a stranger online, either, no matter how long you’ve “known” them.

6. Keep your operating system updated.

When your computer operating system tells you an update is available, update it as soon as possible, and get in the habit of keeping it updated at all times to thwart identity thieves.

7. Be wary of fake antivirus notifications and other scareware.

Antivirus viruses, also known as scareware, trick users into thinking that they have a computer virus in order to frighten them into providing their credit card information to download an “antivirus program” that will remove it. If you have scareware installed on your machine, disconnect your computer from the Internet, call a computer tech to remove it, and remember to never provide any personal information in the pop-ups that appear on your screen.

source: http://ezinearticles.com/?7-Tips-to-Secure-Your-Home-Computer&id=5471419

As more and more things we value get stored on our computers, such as digital photos and Quicken financial data, the consequences of losing files have dramatically increased. Here are some simple ways you can make sure you never lose your important files.

1. Make sure your files are backed up using online data backup

This is the number one way to make sure your files are always safe. Online backup of your computer is the easiest way to make sure you never lose your files. Systems that offer online data backup are A) automatic, so you never have to remember to do it, B) inexpensive, and C) keep everything off site. That way, in case your computer ever gets damaged or stolen, everything is safe.

2. Don’t save over your previous file

This isn’t one that many people think about, but opening a new word document, making changes, and then saving the modified file using the same file name means you just overwrote you previous copy. It’s better to save important photos or documents using version numbers such as “My Word File v1.0″. Change the version number after every significant change to something like v1.1 or v2.0

3. Replace hard drives before there is trouble

The typical life span for a hard drive is 3 to 5 years. And they are inexpensive enough to be replaced before they fail. For less than $50, you can get a drive that will hold all your pictures, documents and everything else. Replacing them on a routine basis before there is a problem means you won’t have to go through the stress of trying to get your files back when your drive fails.

4. Make sure your computer is electrically protected

Computers are very susceptible to power problems. Unintentional power shutoffs, voltage spikes and many other things can cause unexpected loss of files and damage your computer equipment. Your computers should be plugged into an Uninterruptible Power Supply or UPS. When you plug your computer into a UPS, your equipment will continue to be powered on even if the electricity goes out or there is a power surge, so that you can shut your computer down properly. That way, your computer equipment, and most importantly your files, will be safe.

5. Don’t get your computer stolen

This may seem like an obvious one, but thousands of laptops are stolen all the time. The most common way people have their laptops stolen is from their car. If you are going to leave your laptop in your car, lock it in the trunk where it isn’t visible from the outside, or take it with you.

source: http://ezinearticles.com/?Top-5-Ways-to-Keep-Your-Computer-Files-Safe&id=3976019

Advanced Encryption Standard (AES) is a symmetric key cipher technique used to secure and encrypt operating systems, hard drives, networking systems, files, e-mails, and other similar data. In cryptography, AES consist of three block ciphers taken from a larger collection published originally as Rijndael. Each cipher has a 128-bit block size with three different key sizes of 128, 192, and 256 bits.

The AES cipher does a number of transformation rounds repetitiously, which converts the input plain text into an output of cipher text. There are several processing steps for each round with one round that relies exclusively on the encryption key. Then, a set of reverse rounds are applied to convert the cipher text back into plain text. The AES encryption only uses one 128-bit key to encrypt and decrypt data.

In the United States (US), the National Institute of Standards and Technology (NIST) made a request for encryption algorithms for the AES standard. Joan Daemen and Vincent Rijmen worked together to create the Rijndael cipher. They submitted their cipher to the AES selection process from which Rijndael was selected.

The US government accepted the AES encryption standard and implemented it into its systems to help secure classified and non-classified information. In November 2001, AES was chosen by NIST as the Federal Information Processing Standard (FIPS), also known as FIPS197. In July 2003, the National Security Agency (NSA) stated that AES was secure enough to protect its information at the secret and top-secret levels.

AES encryption is used around the world to secure some of the most protected systems for both governmental groups and business. AES encryption is even used by individuals to protect private computers and networking systems. It is now the standard set by the US government and individuals worldwide.

One of the reasons why AES encryption works so well is that it works on multiple network layers at the same time. Although AES and Rijndael are used interchangeably, there are some differences that should be noted. While AES uses a fixed 128-bit block cipher and three key sizes of 128, 192 and 256 bits, Rijndael can be used with any size block cipher and key in multiples of 32-bits. Rijndael ranges from 128-bit to 256 bits for its key and block cipher sizes.

While AES encryption is not unbreakable, it is generally considered highly secure. Until 2009, it was believed that only a side-channel attack could get through an AES-protected system. In 2009, related key attacks and known-key distinguishing attacks were reported. Some of the attacks on AES systems are difficult to complete; for example, attacks typically require a user to be on the same system as the AES encryption software to break the cipher.

source: http://www.wisegeek.com/what-is-aes-encryption.htm

A polymorphic virus is a computer virus which is capable of mutating itself when it replicates, making it more difficult to identify with ordinary antivirus software. To effectively find such viruses, antivirus software needs to have more complex algorithms available to help it identify distinctive patterns which can betray the presence of a virus even when the code behind the virus is not known to the software. Such software tends to be more expensive, reflecting the additional effort required during development and updates to make the software functional.

The first known polymorphic virus was developed in 1990, in the early days of the Internet, illustrating the fact that virus creators have always been ahead of the curve when it comes to developing malicious code. Polymorphic viruses operate with the assistance of an encryption engine which changes with each virus replication; this keeps the encrypted virus functional, while still hiding the polymorphic virus from the computer it infects and allowing the virus to slip through security systems which are designed to prevent malicious code from entering or exiting a network.

Essentially, the designers of polymorphic viruses have integrated a trait associated with viruses which infect humans into the design of their software, designed to infect computers. Human viruses are infamous for being able to mutate rapidly to avoid detection and prevent the buildup of immunities, and when a computer virus has a similar trait, the results can be unpleasant for computer users. It can be difficult to mount an adequate defense against a polymorphic virus, even with excellent antivirus software which has been designed to attempt to detect such viruses.

Polymorphic viruses can operate in different ways. Some mutate with each infection, making the virus extremely difficult to track. Others change with each generation. The speed of mutation is also highly variable. Some viruses mutate more slowly, which can make it easier to catch them, while others change very quickly. All of these variations, as a whole, make polymorphic viruses very diverse, which adds to the challenge of pinning them down.

Infection with a polymorphic computer virus can be a serious problem. While all computer viruses are designed to remain undetected for as long as possible, so that they can exact the maximum damage and increase their chances of infecting other computers, a polymorphic virus can linger undetected even on a system with antivirus software in place. People may also be lulled into thinking that their system is clean because they have such software and they update it regularly.

source: http://www.wisegeek.com/what-is-a-polymorphic-virus.htm

Man in the browser attacks are designed to capture confidential information that can be utilized to the advantage of the entity that launched the attack. As part of the function, the man in the browser process begins with the establishment of the Trojan on the hard drive. The Trojan embeds in a file and is often hard to isolate. Once in place, the Trojan is in place, the virus launches a transparent overlay on the browser that is highly likely to be detected.

Unlike more traditional phishing methods that employ links in the body of emails to direct users to fake web sites and prompt them to enter secure data, the man in the browser simply captures data as the user enters it. The user is completely unaware of that the data is being hijacked, since he or she is interacting with a legitimate site. The man in the browser does not interfere with the transaction in any way at this point.

Once the data is captured, the entity that created and distributed the man in the browser attack receives the collection of security codes, credit card numbers, or bank account login information and can begin to use it for a wide range of purposes. The victim may not be aware of the problem until several credit cards have been used or the balance in the checking account begins ton dwindle unexpectedly.

Part of the frustration with a man in the browser attack is that the bug is very hard to detect and even harder to remove from the system. Unlike many other forms on intrusive viruses, a man in the browser invader operates between the browser security protocols and the input of the user. This means that standard security measures normally will not even reveal the presence of the man in the browser virus.

source: http://www.wisegeek.com/what-is-a-man-in-the-browser-attack.htm

Scareware refers to bogus sales tactics designed to scare a user into thinking his or her computer contains critical errors or viruses that must be fixed immediately. For a price, scareware ads offer an instant solution in the form of downloadable software. In some cases this software is harmless, in other cases the software meant to fix non-existent errors is actually spyware or some form of malware itself, victimizing consumers twice.

A scareware ad might pop-up at any time when cruising the Web. The ad can resemble a Microsoft window or it might trigger an actual window, leading people to believe the message is being generated by their own operating system. The pop-up warns the user that the computer is compromised in one or more ways and requires a fix. The warning might cite viruses or system errors such as registry errors. Clicking an “OK” button will take the user to the download site to buy the “fix.”

Regular scanning with legitimate software is part of routine computer maintenance. Registry scanners will look for orphaned pointers, missing values, uninstalled leftovers and other bits of incorrect data that can slow performance. Many websites employ online scanners that will comb a visitor’s registry looking for problems. Registry problems can be found in nearly every scan, and most errors don’t amount to much more than housekeeping. Websites dedicated to selling scareware use online scanners that will report nonexistent problems presenting them as extremely critical, urging the victim to buy software to avoid certain disaster.

Microsoft™ Corp. has little tolerance for scareware tactics that reflect poorly on its operating systems (OSs), making them appear more vulnerable than they actually are. In 2005, Microsoft joined forces with the state of Washington to sue Secure Computer for Spyware Cleaner, scareware that falsely reported the presence of spyware. The suit cost Secure Computer one million US dollars to settle. In September 2008, the software giant joined forces with Washington once again to name several alleged scareware companies in a similar scareware suit.

To avoid being targeted by scareware companies, employ a pop-up blocker configured to block third-party sites. If using XP SP1, upgrade to SP2 or disable Windows Messenger (versus Windows Live messenger), as this can be an entry point for malicious scripts. If you want to use an online scanner, look for recommendations from reputable sources like PCWorld or Tom’s Hardware. Better yet, download a reliable scanner and use it from your hard drive. If you practice good maintenance habits and have the usual guardian programs running, you have little reason to fear infections or errors.

If a pop-up does occur, it should be generated from one of your installed programs. Firewalls, anti-virus programs, anti-spyware and registry cleaners all utilize warning pop-up windows that include the program’s name to identify which software program is alerting. If the pop-up is a true Windows system alert, it will likely only warn that a program must close or that some unexpected function occurred. These are informative pop-ups rather than ‘curative.’ Windows automatic update, if enabled, might recommend the user download a patch or upgrade, but the patch should be from Microsoft, free of charge.

source: http://www.wisegeek.com/what-is-scareware.htm

The most important difference between a trojan virus/trojan horse and a virus is that trojans don’t spread themselves. Trojan horses disguise themselves as valuable and useful software available for download on the internet. Most people are fooled by this ploy and end up dowloading the virus disguised as some other application. The name comes from the mythical “Trojan Horse” that the Ancient Greeks set upon the city of Troy.

A trojan horse is typically separated into two parts – a server and a client. It’s the client that is cleverly disguised as significant software and positioned in peer-to-peer file sharing networks, or unauthorized download websites. Once the client Trojan executes on your computer, the attacker, i.e. the person running the server, has a high level of control over your computer, which can lead to destructive effects depending on the attacker’s purpose.

A trojan horse virus can spread in a number of ways. The most common means of infection is through email attachments. The developer of the virus usually uses various spamming techniques in order to distribute the virus to unsuspecting users. Another method used by malware developers to spread their trojan horse viruses is via chat software such as Yahoo Messenger and Skype. Another method used by this virus in order to infect other machines is through sending copies of itself to the people in the address book of a user whose computer has already been infected by the virus.

Types of Trojan Horse Viruses

Trojan Horses have developed to a remarkable level of cleverness, which makes each one radically different from each other. For an inclusive understanding, we have classified them into the following:

Remote Access Trojans

Remote Access Trojans are the most frequently available trojans. These give an attacker absolute control over the victim’s computers. The attacker can go through the files and access any personal information about the user that may be stored in the files, such as credit card numbers, passwords, and vital financial documents.

Password Sending Trojans

The intention of a Password Sending Trojan is to copy all the cached passwords and look for other passwords as you key them into your computer, and send them to particular email addresses. These actions are performed without the awareness of the users. Passwords for restricted websites, messaging services, FTP services and email services come under direct threat with this kind of trojan.

Key Loggers

Key Loggers type of Trojans logs victims’ keystrokes and then send the log files to the attacker. It then searches for passwords or other sensitive data in the log files. Most of the Key Loggers come with two functions, such as online and offline recording. Of course, they can be configured to send the log file to a specific email address on a daily basis.

Destructive Trojans

The only purpose of Destructive Trojans is to destroy and delete files from the victims’ computers. They can automatically delete all the core system files of the computer. The destructive trojan could be controlled by the attacker or could be programmed to strike like a logic bomb, starting on a particular day or at specific time.

Denial of Service (DoS) Attack Trojans

The core design intention behind Denial of Service (DoS) Attack Trojan is to produce a lot of internet traffic on the victim’s computer or server, to the point that the Internet connection becomes too congested to let anyone visit a website or download something. An additional variation of DoS Trojan is the Mail-Bomb Trojan, whose key plan is to infect as many computers as possible, concurrently attacking numerous email addresses with haphazard subjects and contents that cannot be filtered.

Proxy/Wingate Trojans

Proxy/Wingate Trojans convert the victim’s computer into a Proxy/Wingate server. That way, the infected computer is accessible to the entire globe to be used for anonymous access to a variety of unsafe Internet services. The attacker can register domains or access pornographic websites with stolen credit cards or do related illegal activities without being traced.

FTP Trojans

FTP Trojans are possibly the most simple, and are outdated. The only action they perform is, open a port numbered 21 – the port for FTP transfers – and let anyone connect to your computer via FTP protocol. Advance versions are password-protected, so only the attacker can connect to your computer.

Software Detection Killers

Software Detection Killers kill popular antivirus/firewall programs that guard your computer to give the attacker access to the victim’s machine.

Note: A Trojan could have any one or a combination of the above mentioned functionalities.

The best way to prevent a Trojan Horse Virus from entering and infecting your computer is to never open email attachments or files that have been sent by unknown senders. However, not all files we can receive are guaranteed to be virus-free. With this, a good way of protecting your PC against malicious programs such as this harmful application is to install and update an antivirus program.

source: http://www.reuters.com/article

Its a cruel irony in information security that many of the features that make using computers easier or more efficient and the tools used to protect and secure the network can also be used to exploit and compromise the same computers and networks. This is the case with packet sniffing.

A packet sniffer, sometimes referred to as a network monitor or network analyzer, can be used legitimately by a network or system administrator to monitor and troubleshoot network traffic. Using the information captured by the packet sniffer an administrator can identify erroneous packets and use the data to pinpoint bottlenecks and help maintain efficient network data transmission.

In its simple form a packet sniffer simply captures all of the packets of data that pass through a given network interface. Typically, the packet sniffer would only capture packets that were intended for the machine in question. However, if placed into promiscuous mode, the packet sniffer is also capable of capturing ALL packets traversing the network regardless of destination.

By placing a packet sniffer on a network in promiscuous mode, a malicious intruder can capture and analyze all of the network traffic. Within a given network, username and password information is generally transmitted in clear text which means that the information would be viewable by analyzing the packets being transmitted.

A packet sniffer can only capture packet information within a given subnet. So, its not possible for a malicious attacker to place a packet sniffer on their home ISP network and capture network traffic from inside your corporate network (although there are ways that exist to more or less “hijack” services running on your internal network to effectively perform packet sniffing from a remote location). In order to do so, the packet sniffer needs to be running on a computer that is inside the corporate network as well. However, if one machine on the internal network becomes compromised through a Trojan or other security breach, the intruder could run a packet sniffer from that machine and use the captured username and password information to compromise other machines on the network.

Detecting rogue packet sniffers on your network is not an easy task. By its very nature the packet sniffer is passive. It simply captures the packets that are traveling to the network interface it is monitoring. That means there is generally no signature or erroneous traffic to look for that would identify a machine running a packet sniffer. There are ways to identify network interfaces on your network that are running in promiscuous mode though and this might be used as a means for locating rogue packet sniffers.

If you are one of the good guys and you need to maintain and monitor a network, I recommend you become familiar with network monitors or packet sniffers such as Ethereal. Learn what types of information can be discerned from the captured data and how you can put it to use to keep your network running smoothly. But, also be aware that users on your network may be running rogue packet sniffers, either experimenting out of curiosity or with malicious intent, and that you should do what you can to make sure this does not happen.

source: http://netsecurity.about.com/cs/hackertools/a/aa121403.htm