Online Safety: Advanced Threats and Anti-Virus

Basic security 101 tells you that if your machine is patched and your anti-virus is up to date, then you are relatively safe online. That is no longer true.

Hackers learned quite a while ago that anti-virus was their #1 enemy. So, they modify their malware source code to avoid detection.

I read an article once in Hakin9 magazine where to avoid anti-virus all one needed to do was add a random text file to the front of the malicious code to fool anti-virus. Sounds unbelievable, but the author tested it, and it worked.

Anti-virus has gotten smarter, but so has the technology to bypass it. Most hackers currently use an obfuscator program to bypass anti-virus, and they work very well. The advanced persistent threat infected thousands of machines which had firewalls up, intrusion detection systems and current anti-virus.

How? Signature-based virus detection can no longer keep up with the sheer volume of new viruses and cleverly obfuscated malware. Also, spyware blockers will not work if you allow the program to run!
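As an added illustration (not code from the original post), the toy scanner below shows why the "prepend a text file" trick from the Hakin9 article works against brittle signatures and why it does not work against an offset-independent one. The sample, the prefix and the detection name are all constructed stand-ins; no real malware or real signature is involved.

```python
import hashlib

# Constructed, harmless stand-in for a "malicious" file: a fake header, then a marker string.
SAMPLE = b"\x7fELF" + b"\x00" * 12 + b"CONSTRUCTED-MARKER-PAYLOAD" + b"\x00" * 8
# Constructed "random text file" that the post describes being prepended to the malware.
PREFIX = b"Lorem ipsum dolor sit amet, consectetur adipiscing elit.\n"
NAME = "Constructed.Sample.A"  # hypothetical detection name, not a real AV signature

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Three hypothetical signature styles, from most to least brittle.
HASH_SIGNATURES = {sha256(SAMPLE): NAME}                 # whole-file hash
OFFSET_SIGNATURES = [(16, b"CONSTRUCTED-MARKER", NAME)]  # bytes expected at a fixed offset
PATTERN_SIGNATURES = [(b"CONSTRUCTED-MARKER", NAME)]     # bytes anywhere in the file

def scan_hash(data: bytes):
    """Whole-file hash lookup: changing or adding a single byte produces a miss."""
    return HASH_SIGNATURES.get(sha256(data))

def scan_offset(data: bytes):
    """Fixed-offset match: shifting the content by even one byte produces a miss."""
    for offset, pattern, name in OFFSET_SIGNATURES:
        if data[offset:offset + len(pattern)] == pattern:
            return name
    return None

def scan_pattern(data: bytes):
    """Offset-independent search: survives junk prepended or appended to the file."""
    for pattern, name in PATTERN_SIGNATURES:
        if pattern in data:
            return name
    return None

def scan_all(data: bytes) -> dict:
    """Run every signature style and report what each one detects (None = miss)."""
    return {
        "hash": scan_hash(data),
        "offset": scan_offset(data),
        "pattern": scan_pattern(data),
    }

if __name__ == "__main__":
    print("original :", scan_all(SAMPLE))
    print("prepended:", scan_all(PREFIX + SAMPLE))
```

The pattern scan only holds up as long as the marker bytes themselves are unchanged; an obfuscator that rewrites the code body defeats it too, which is why the post argues that signatures alone are not enough.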

The Social Engineering Toolkit is a perfect example of this. You create an obfuscated client and if the target allows it to install, you get a remote shell, easy as that, regardless of security updates, firewalls and anti-virus.

So what do we do? Do not click on unknown links. Do not install “video codecs” to run movies from a site you haven’t been to before (for goodness sake, use YouTube!). Be wary of links in e-mail, even “official” looking e-mails. The Kneber Botnet was installed via malicious e-mail links by many military personnel who thought it was military correspondence.

Do not run “online anti-virus” programs that pop up when you are surfing. Be very careful what PDF files you view online. Beware “free online games”; many contain backdoor trojans.

Instruct your children in these practices too (see Hackers Targeting Teens and Young Surfers). By surfing safely, many of these advanced threats can be avoided.

~ by D. Dieterle on September 14, 2010.
