Computer Security

Find out how you can keep your computer safe

Department of Defense Crackdown on Security

The top commander of the department of Defense network operations  just ordered a crackdown on security. According to a recent article by NetworkWorld on January 16,2006,  Lt. General Charles Croom is quoted as saying, “The attacks are coming from everywhere and they’re getting better.” His talk was the keynote address at the Department of Defense Cyber Crime Conference held on  January 9 - 14, 2005  in Clearwater, Florida.  The event is sponsored by the Defense Cyber Crime Center and the Joint Task Force.  Over 500 computer crime specialists from the FBI and the military attended the event.
The crackdown was related to a recent arrest of a “Computer Virus Broker” named  Jeanson James Ancheta.  On further investigation, a Department of  Justice press release from Nov 3rd, 2005 offered the  following information on this incident, “In the first prosecution of its kind in the nation, a well-known member of the “botmaster underground” has been indicted on federal charges for profiting from the use of “botnets” – armies of computers that are under the control of the botmaster and are used to launch destructive attacks or to send huge quantities of spam across the Internet.
Jeanson James Ancheta, 20, of Downey, California, was arrested this morning by special agents with the Federal Bureau of Investigation. Ancheta was indicted yesterday in two separate conspiracies, as well as substantive charges of attempting to cause damage to protected computers, causing damage to computers used by the federal government in national defense, accessing protected computers without authorization to commit fraud and money laundering.”
The press release goes on to describe more details of this scheme that clearly show why the Deparment of Defense is so concerned (for more information go to:  http://www.usdoj.gov/criminal/cybercrime/anchetaArrest.htm )
“Ancheta had become an affiliate of several different advertising service companies, and those companies paid him a commission based upon the number of installations. To avoid detection by network administrators, security analysts and law enforcement, Ancheta would vary the download times and rates of the adware installations. When companies hosting Ancheta’s adware servers discovered the malicious activity, Ancheta redirected his botnet armies to a different server he controlled to pick up adware. To generate the roughly $60,000 he received in advertising affiliate proceeds, Ancheta caused the surreptitious installation of adware on approximately 400,000 compromised computers. Ancheta used the advertising affiliate proceeds he earned to pay for, among other things, the multiple servers used to conduct his schemes.
Ancheta used programs powerful enough to cause the infection of computers at the Weapons Division of the United States Naval Air Warfare Center in China Lake, as well as computers belonging to the Defense Information Systems Agency, a component of the United States Department of Defense. Both networks are used exclusively by the federal government in furtherance of national defense. After being arrested this morning at the FBI Field Office in Los Angeles, Ancheta was transported
to United States District Court in Los Angeles. It is unclear if he will make his initial court appearance this afternoon or tomorrow. Ancheta is charged with two counts of conspiracy, two counts of attempted transmission of code to a protected computer, two counts of transmission of code to a government computer, five counts of accessing a protected computer to commit fraud and five counts of money laundering. Count 17 of the indictment seeks the forfeiture of more than $60,000 in cash, a BMW automobile and computer equipment that the indictment alleges are the proceeds and instrumentalities of Ancheta’s illegal activity.”
Some recent news.  Ancheta pleaded guilty to charges of conspiring to violate anti-spam and computer misuse laws, and fraud and will serve from 4-6 years in prison, under the plea agreement - plus heavy fines.

Spyware Beware

Spyware and Adware are not only an ever increasing nuisance for computer users everywhere, but also a booming industry.   According to Webroot Software, Inc., the distribution of online advertisements through spyware and adware has become a $2 billion industry. 

The aggressive advertising and spying tactics demonstrated by some of these programs, require an equally aggressive response from a seasoned eradicator.  Sunbelt Software is such a company.  A leader in Anti-Spyware, Anti-Spam, Network Security and System Management tools, they gave consistently remained on the cutting-edge of anti-spyware programming since 1994.

One of their more notable software applications is CounterSpy 1.5.  CounterSpy is designed to detect and remove spyware that is already in your computer system.  Additionally, it provides real-time protection while preventing browser hijacking and changes to your computer’s Registry.

Other notable features include:
Detection and Removal of Tracking Cookies – while it is true that applications like Microsoft AntiSpyware Beta are free, they do not include the ability to detect and remove tracking cookies like CounterSpy does.
History Cleaner - erases any traceable trails left on your computer as you surf the Internet.
Secure File Eraser - a powerful deletion tool that can completely eliminate all files you want removed from your computer including images, music, movies and applications.
PC Explorer - allows you a look into files and areas that are normally inconvenient to access, such as your startup programs, browser helper objects, and ActiveX programs that are being downloaded or used.
Support for Older Operating Systems – includes Windows 98SE, Windows ME, and Windows NT.

Recommended by PC World, ConsumerSearch, and Dell, CounterSpy holds one of the highest effective ratings for spyware removal.  It also received high marks from TopTenReviews (2006) for ease of use, customization/installation, and help/support.  For only $19.95 per machine, users can receive a one year subscription with updates, upgrades, and technical support from real live humans.  CounterSpy definitely provides ease of use and affordability for just about any computer user from the novice to the expert.

Every day new computer viruses are created to annoy us and to wreck havoc on our computer systems. Below are ten viruses currently cited as being the most prevalent in terms of being seen the most or in their ability to potentially cause damage.   New viruses are created daily.  This is by no means an all inclusive list. The best thing you can do is to remain vigilant, keep your anti-virus software updated, and stay aware of the current computer virus threats.

Virus:  Trojan.Lodear
A Trojan horse that attempts to download remote files. It will inject a .dll file into the EXPLORER.EXE process causing system instability.

Virus:  W32.Beagle.CO@mm
A mass-mailing worm that lowers security settings.  It can delete security-related registry sub keys and may block access to security-related websites.

Virus:  Backdoor.Zagaban
A Trojan horse that allows the compromised computer to be used as a covert proxy and which may degrade network performance.

Virus:    W32/Netsky-P
A mass-mailing worm which spreads by emailing itself to addresses produced from files on the local drives.

Virus:  W32/Mytob-GH
A mass-mailing worm and IRC backdoor Trojan for the Windows platform.  Messages sent by this worm will have the subject chosen randomly from a list including titles such as:  Notice of account limitation, Email Account Suspension, Security measures, Members Support, Important Notification.

Virus:  W32/Mytob-EX
A mass-mailing worm and IRC backdoor Trojan similar in nature to W32-Mytob-GH.  W32/Mytob-EX runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.  This virus spreads by sending itself to email attachments harvested from your email addresses.

Virus:  W32/Mytob-AS, Mytob-BE, Mytob-C, and Mytob-ER
This family of worm variations possesses similar characteristics in terms of what they can do.   They are mass-mailing worms with backdoor functionality that can be controlled through the Internet Relay Chat (IRC) network.   Additionally, they can spread through email and through various operating system vulnerabilities such as the LSASS (MS04-011).

Virus:  Zafi-D
A mass mailing worm and a peer-to-peer worm which copies itself to the Windows system folder with the filename Norton Update.exe.  It can then create a number of files in the Windows system folder with filenames consisting of 8 random characters and a DLL extension.  W32/Zafi-D copies itself to folders with names containing share, upload, or music as ICQ 2005a new!.exe or winamp 5.7 new!.exe. W32/Zafi-D will also display a fake error message box with the caption "CRC: 04F6Bh" and the text "Error in packed file!".

Virus:  W32/Netsky-D
A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the LSASS (MS04-011) exploit.

Virus:    W32/Zafi-B
A peer-to-peer (P2P) and email worm that will copy itself to the Windows system folder as a randomly named EXE file. This worm will test for the presence of an internet connection by attempting to connect to www.google.com or www.microsoft.com.  A bilingual, worm with an attached Hungarian political text message box which translates to “We demand that the government accommodates the homeless, tightens up the penal code and VOTES FOR THE DEATH PENALTY to cut down the increasing crime. Jun. 2004, Pécs (SNAF Team)”

I recently hit, by mistake, what I thought was an Explorer upgrade option.  It turned out to be a pop-up appearing legitimate but really was not. It uploaded a product called Intelligent Explorer on my machine.  What a nightmare!

I did some research on the web and found messages like this one from a BullGuard Antivirus Forum,

"PLEASE HELP!!!  I HAVE A SPYWARE, TROJAN AND HIJACKER ON MY COMPUTER.  I HAVE RUN BULLGUARD, CWSHREDDER AND AD-AWARE.  ALL HAVE PICKED UP THE VIRUSES AND SAID THAT THEY HAVE BEEN MOVED/REMOVED BUT WHEN I LOG ONTO THE INTERNET THAT DAMN INTELLIGENT EXPLORER TOOLBAR IS SHOWING"

Another message from spywareinfo Forum goes something like this:

"Hey I'm having issues with something called Internet explorer toolbar - Intelligent explorer. I can’t find a way to remove it from my comp and I really don’t want to reinstall windows. I've used spybot, ad-ware, and cw shredder but nothing seems to work."

It appears that Intelligent Explorer allows other software to be downloaded to your machine and this is where the problem occurs. What is even more remarkable is that by downloading Intelligent Explorer, their license grants them the right to install software add-ins on your computer at their will.  Take a look at what the software license for Intelligent Explore says (go to http://www.ieplugin.com/terms.html to read it all):

"You grant to us the right, exercisable by us until you uninstall the Software or this agreement is otherwise terminated, to provide to you the Service of downloading and causing to be displayed advertising material on your computer, through ‘pop-up’ or other display while you use your browser.  You acknowledge and agree that installation of the Software may automatically modify toolbars and other settings of your browser.  By installing the Software you agree to such modifications."

The company, IBC incorporated, is incorporated in Belize.  I really can't believe this license!


One end user found highly objectionable pop-up advertisements generated by this software bundled with Intelligent Explorer in the form of extreme pornography.

I have yet to break this.


Intelligent Explorer is a plug-in, which can create a new home page, as well as start up and endless loop of pop-ups. You can remove the view bar, but then starting up Internet Explorer will cause it to reappear.  I asked some friends to help, and no one could tell me what to do.

This is what I did:

    I bought a copy of a program called XoftSpy and it removed the software. It took two scans and a reboot to do it. This is not an advertisement for this product.  They advertised it was free, which it was to run, but then I had to buy it to actually fix anything. It cost me $40 and I am sure that there are freeware products out there as well, but that is what ended the nightmare for me. Other spyware products I have seen out there include spybot, NoAdware, Spyware Eliminator, Pal Spyware Remover, and Spyware C.O.P.

    Let the buyer beware!

What does encryption do for me?

Encryption and cryptographic software has been used in many different ways to make systems more secure.  This article discusses only a few ways that such software can make your system more secure, including:

1) Encrypting your email

2) Encrypting your files

To programs are mentioned that will help encrypt information. There are many more programs out there that will help, but these programs are good and a good place to start as any. They have the added benefit of both being free with source code available.

Will encryption stop people from accessing my information?

Encryption simply makes it harder for people to gain access to important information, like passwords or sensitive information in a file. The first thing you should know about encryption is that the algorithm that is used to encrypt can be simple or more complex and that affects how securely what you have encrypted is protected.  Encryption systems have been broken when the method of encryption is understood by hackers and is easy to break. 

Why bother to encrypt my email?

It should be noted that email is far less secure than paper mail for two very good reasons:  first, electronic data can be accessed easily over an Internet and secondly, electronic data is really simple to copy. There is a very good chance that someone has snooped around in your email despite your best intentions to stop it.

How do I go about encrypting my email?

There are many programs out there that can help you encrypt your email.  A very popular one is PGP (Pretty Good Privacy) or its Gnu offshoot GPG.  

PGP (http://www.pgpi.org/) self-describes itself this way: This "is a program that gives your electronic mail something that it otherwise doesn't have: Privacy. It does this by encrypting your mail so that nobody but the intended person can read it. When encrypted, the message looks like a meaningless jumble of random characters. PGP has proven itself quite capable of resisting even the most sophisticated forms of analysis aimed at reading the encrypted text."

Why bother to encrypt my files?

The answer to this boils down to what you store on your computer.  If you have financial data with important information like social security numbers, email addresses, account numbers and passwords, then you open yourself up to losing very valuable information.  Most corporate Internet security employees will attest to the widespread theft of very valuable information. As long as you are connected to the Internet you are vulnerable.

How do I go about encrypting my files?

AxCrypt File Encryption Software  (http://axcrypt.sourceforge.net/) Self-described as "Free Personal Privacy and Security for Windows 98/ME/NT/2K/XP with AES-128 File Encryption, Compression and transparent Decrypt and Open in the original application."

There is a lot going on in the information security space. 2006 looks to be an interesting year in these regards. Below are some things to watch for in 2006, some of them are good and, unfortunately, some aren’t.  


First the good news:

- We are getting a lot more serious about our security. This has a lot of reasons behind it. For example, new privacy laws are mandating organizations to tighten their security.  Look to see more consumer privacy laws passed in the coming year and more tightening of security systems.

- Authentication requirements are increasing. This is closing in large security holes.  Corporations are requiring a great deal more of authentication to get into secure systems (this also is on the bad news side)

- There is a plethora of sophisticated programs to help us be more secure and they will continue to get better. Competition right now is strong in the security industry sparking a lot of innovation.

- ISPs are now taking on the responsibility to help us with our security. Take AOL's recent commercials as a good sign that others will follow the trend.



Now the bad news:

- Securing our networks is costing us.  Most companies are globalizing their organizations and making them secure costs a lot of money.  It will get worse before it gets better.

- Authentication requirements are increasing. This is getting claustrophobic.  Corporations are requiring a great deal more authentication to get into secure systems (This is also on the good news side) Unfortunately, for the end user, it is one more thing to be unhappy about, not unlike airport security lines.

- Hackers are getting more sophisticated.  For example, Botnets are becoming more complex and harder and harder to catch and stop. Do a search on botnets on the Internet. They really are causing a whole lot of problems, but it does not stop there. The number of viruses and malware out there is staggering.

- Spammers keep finding more creative ways to fill our email boxes.  Don't look for this trend to stop anytime soon.