Saturday, June 14, 2014

Tech Talk: Protecting Yourself from Some Nasty Malware

Last week’s edition of Tech Talk shared some background behind the Gameover Zeus (GOZ) trojan, the botnet that supported its ability to steal personal and financial information, and Cryptolocker, a more recent tool used by the botnet’s bad guys to encrypt your personal files and hold them for ransom.

Have You Checked Your System for This Malware Yet?

It also gave step-by-step directions for checking your Windows-based system for these threats, which is especially valuable now that the botnet has been taken down by law enforcement agencies in 10 countries. Those agencies predict that the take-down is only temporary, since members of the criminal group that ran the botnet are still capable of reviving it and restoring contact with hundreds of thousands of infected systems.

So, if you haven’t read last week’s article or followed the directions to ensure the malware is not on your system, now is a good time to pause and go do that. These steps are not only useful for avoiding these particular threats; they will also help you find other pesky critters inhabiting your system.

Go ahead…
…I’ll still be here when you get back…


Avoiding Infection in the First Place

Last week, we addressed the question, “Am I at risk?” This week, the focus is on “How do I avoid infection?” To answer that question, we need to understand how trojan malware behaves.

The principle behind a trojan is not very technical at all. As depicted in the second book of Homer’s Aeneid, the Trojan Horse was a ruse the Greeks used to take the city of Troy.


In other words, its success depended on predicting the actions of Troy’s citizens, who pulled the wooden structure inside their city walls. That gave the soldiers hidden inside free access to the city and let them open the gates for the rest of the Greek army.

The Trojan Horse and Trojan Malware both use the same means to be successful: you.

It’s Called Social Engineering

Security consultant Christopher Hadnagy, on his educational web site Social-Engineer, calls it a blend of science, psychology and art. All of these elements are focused on one goal: influencing you to do what the attacker wants.

In Unmasking the Social Engineer: The Human Element of Security, Hadnagy says, “A social engineer writes emails that use fear, curiosity or authority to get the reader to perform an action that is not in his or her best interest.”

It could be something minor, like making that impulse purchase or filling out that contest form. Or it could be clicking on that attachment in an email.

That is how Gameover Zeus gets onto your computer. It’s called phishing, and you are the target.

Here’s the scenario:
You receive an email claiming to be from a major bank, shipping company, or government agency, asking you to take action to correct a problem, confirm information, or claim a prize. When you click on the attachment or link provided, it launches a program that downloads Gameover Zeus, which takes control of the system without your knowledge.

How do you tell a phishing mail from a real one?


There is no single straightforward test, but there are often signs. These emails consistently want you to take an action, whether that is opening an attachment or clicking on a link.

While they may appear to come from a bank or shipper you know, and may even contain official-looking brand images, the style or the request is often unusual for that company. For example, Microsoft and FedEx have strict guidelines and do not send unsolicited mail. Other things to look for include:
  • Misspellings in the email. In an “official communication,” this is a big tipoff.
  • Links that don’t match the company website, or even what is displayed. If your email client lets you hover over a link to display its full address, you may find the company name buried in the address even though it isn’t the company’s actual web site. Big giveaways are sites that just use an IP address (http: // 107.183.12....).
  • Attachments that are .zip or .exe files.
  • A subject line that doesn’t match the contents of the message.
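The link and attachment checks in the list above, turned into a small checker as an added example (this code is not part of the original post). It parses a constructed sample message with Python’s standard library and reports the article’s red flags: a link whose visible text names one site while the address points elsewhere, a link to a bare IP address, a link outside the sender’s domain, and .zip or .exe attachments. Treating “links don’t match the company website” as “link host is not the From: domain” and recognising URL-shaped display text by a regular expression are my own assumptions.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

RISKY_EXTENSIONS = (".zip", ".exe")   # attachment types the article calls out
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)
BARE_IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")

def _host(s):  # hostname of a URL, or of display text such as "bank.com/login"
    s = s.strip()
    return (urlparse(s if "://" in s else "http://" + s).hostname or "").lower()

def phishing_indicators(raw):
    """Return the article's red flags found in one RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0].domain.lower() if msg["From"] else ""
    flags, html = [], msg.get_body(preferencelist=("html",))
    for href, text in (ANCHOR.findall(html.get_content()) if html else []):
        host, shown = _host(href), re.sub(r"<[^>]+>", "", text).strip()
        if BARE_IPV4.fullmatch(host):
            flags.append(f"link points at a bare IP address: {href}")
        if URL_LIKE.fullmatch(shown) and _host(shown) != host:
            flags.append(f"displays '{shown}' but links to {href}")
        elif sender and host != sender and not host.endswith("." + sender):
            flags.append(f"link host {host} is not the sender's domain {sender}")
    for part in msg.iter_attachments():   # non-body parts, e.g. Content-Disposition: attachment
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            flags.append(f"risky attachment type: {name}")
    return flags

# Constructed sample, not a real message: mismatched link text, a bare-IP link (192.0.2.10 is documentation space) and a .zip
SAMPLE_EMAIL = """\
From: "Account Security" <alerts@examplebank.com>
Subject: Urgent: confirm your account
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/html; charset="utf-8"

<p>Please visit <a href="http://192.0.2.10/login">examplebank.com/login</a> today.</p>
--B1
Content-Type: application/zip
Content-Disposition: attachment; filename="statement.zip"

(binary omitted in this constructed sample)
--B1--
"""
```

Calling `phishing_indicators(SAMPLE_EMAIL)` returns three flags (bare IP, displayed-text mismatch, .zip attachment); a message whose links stay within the sender’s own domain returns an empty list.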


“Let’s be careful out there” (Sgt. Phil Esterhaus at the end of every roll call in “Hill Street Blues”)

Ultimately, you have to trust your gut and suspect anything that seems out of order with the email. Browse your spam or junk mail folder to get familiar with things that are routinely stripped from your incoming mail and see if you can figure out why.

Treat email like your neighborhood. Just as experience has taught you which alleys and other places don’t feel “safe,” start building your “street smarts” for email.

In the meantime, avoid opening any unexpected email attachments, no matter how attractive or urgent the message appears to be.


Do you have a follow-up on this topic, or a technical question that needs to be answered or explored? Please share it with me at brian@bostonlegacyworks.com. Your question may show up here on Tech Talk.

