Do Not Allow Internet Browsers or Security Programs to Save Passwords

The first time you surf to a website that asks for a password, your browser will ask you if you want to remember it.

What a great idea! The browser can save the password and I won’t have to remember all the different passwords I have for different sites!

What seems like a good thing really isn’t. If your computer is infected by an advanced threat, like the ZeuS Banking Trojan, one of the things it does is look for your stored passwords and send them to the malware control server.

This is not just the passwords stored by IE or Firefox, but also passwords stored by “Internet Security Programs” that are supposed to save and protect your passwords.

The best bet is to never allow your internet browser (or security program) to save passwords for you.

So what can you do if you have already told your browser to save your passwords? In Internet Explorer go to “Safety”, then “Delete Browsing History”. You will see a screen like the one above. Just make sure “Passwords” is checked and then hit delete. 

In Firefox go to “Tools”, “Options”, “Security”, “Saved Passwords” and “Delete all”. That should do it.

If you are interested in learning more about the current version of ZeuS and what it can do, check out Secureworks Threat Analysis.


Online Safety: Advanced Threats and Anti-Virus

Basic security 101 tells you that if your machine is patched and your anti-virus is up to date, then you are relatively safe online. This is no longer a fact.

Hackers learned quite a while ago that anti-virus was their #1 enemy. So, they modify their malware source code to avoid detection.

I read an article once in Hakin9 magazine where to avoid anti-virus all one needed to do was add a random text file to the front of the malicious code to fool anti-virus. Sounds unbelievable, but the author tested it, and it worked.

Anti-virus has gotten smarter, but so has the technology to bypass it. Most hackers currently use obfuscator programs to bypass anti-virus, and they work very well. The advanced persistent threat infected thousands of machines which had firewalls up, intrusion detection systems and current anti-virus.

How? Signature-based virus detection can no longer keep up with the sheer volume of new viruses and cleverly obfuscated malware. Also, spyware blockers will not work if you allow the program to run!
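Seen from the scanner's side, this is why static signatures are so brittle. The sketch below is an added example, not code from the original post; the sample bytes, marker pattern and function names are constructed for illustration, and the "file" is a harmless byte string.

```python
import hashlib

# Constructed, harmless stand-in for a "known bad" file (not real malware).
SAMPLE = b"MZ\x90\x00" + b"\x00" * 60 + b"DEMO-MARKER-7f3a: harmless test pattern" + b"\x00" * 32
PATTERN = b"DEMO-MARKER-7f3a"           # byte pattern the signature looks for

# A signature as a simple scanner might store it (hypothetical layout).
SIGNATURE = {
    "sha256": hashlib.sha256(SAMPLE).hexdigest(),
    "pattern": PATTERN,
    "offset": SAMPLE.index(PATTERN),    # where the pattern sits in the original
}

def match_hash(data, sig):
    """Whole-file hash: any changed or added byte breaks the match."""
    return hashlib.sha256(data).hexdigest() == sig["sha256"]

def match_fixed_offset(data, sig):
    """Pattern expected at one exact offset: shifted content breaks it."""
    start = sig["offset"]
    return data[start:start + len(sig["pattern"])] == sig["pattern"]

def match_floating(data, sig):
    """Pattern searched across the whole file: survives shifted content."""
    return sig["pattern"] in data

def scan(data, sig=SIGNATURE):
    """Run all three signature styles and report which ones still fire."""
    return {
        "hash": match_hash(data, sig),
        "fixed_offset": match_fixed_offset(data, sig),
        "floating": match_floating(data, sig),
    }

def xor_encode(data, key=0x5A):
    """Stand-in for an obfuscator: every stored byte differs from the original."""
    return bytes(b ^ key for b in data)

if __name__ == "__main__":
    variants = {
        "original": SAMPLE,
        "text prepended": b"random text\n" * 3 + SAMPLE,
        "byte-transformed": xor_encode(SAMPLE),
    }
    for name, data in variants.items():
        print(f"{name:18} {scan(data)}")
```

Only the floating pattern survives the prepended text, and none of the three survives the transformed copy, because all of them match stored bytes rather than what the program does when it runs.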

The Social Engineering Toolkit is a perfect example of this. You create an obfuscated client and if the target allows it to install, you get a remote shell, easy as that, regardless of security updates, firewalls and anti-virus.

So what do we do? Do not click on unknown links. Do not install “video codecs” to run any movies from a site you haven’t been to before (for goodness sake, use YouTube!). Be wary of links in e-mail, even “official” looking e-mails. The Kneber Botnet was installed via malicious e-mail links by many military personnel who thought it was a military correspondence.

Do not run “online anti-virus” programs that pop up when you are surfing. Be very careful what PDF files you view online. Beware of “free online games”; many contain backdoor trojans.

Instruct your children too on these practices (see Hackers Targeting Teens and Young Surfers). By surfing safely, many of these advanced threats can be avoided.

Hackers Targeting Teens and Young Surfers

Recently I put four Windows 7 systems, fully patched & updated, with current anti-virus, through the most difficult security test that I could imagine. I unleashed seven teenagers upon them.

The teens were given no restrictions, or pre-security warnings, just to surf as they normally would. Two hours later, each computer was full of viruses.

The viruses included everything from nuisance adware to spyware and more seriously, backdoor trojans.

Each machine was infected numerous times, even though anti-virus and anti-spyware were installed and up to date.

When the search history on each PC was examined, I found that the majority of the teens’ searches were for these types of sites:

  • Free online games
  • Music
  • Twilight
  • and last but not least, Taylor Lautner

The majority of the infections came from these innocent-looking sites. Most were installed along with the “free games” that were installed. Some came from the “video update” needed to watch the videos. And lastly, some actually tripped the anti-spyware. But when asked “Do you want to block this site?”, the answer was, of course, “no”, because I want to see Taylor Lautner…

It appears from these results that hackers are specifically targeting teens and young surfers: those who do not understand the security risks, have not been taught about the risks, or simply don’t care.

So, what can you do if you have young surfers? Set rules up for surfing. We have found sites that we have checked and are safe & virus free for what the kids want to do. For example, when our kids look for videos they are allowed to use “YouTube”. We no longer allow the kids to download any “free” online games. The majority of these sites had viruses, and finally we just banned them all.

Also, we have shown the children what a fake anti-virus warning looks like and what the real one looks like, and what to do when the spyware warnings pop up. This has worked very well and kept the machines virus free.

Try iCloud for Free

As many of you know, I am not a fan of cloud computing. But I have to admit, this looks pretty good. This is iCloud by a company called Xcerion. It basically gives you a virtual desktop with file sharing, apps and collaboration capability all through your browser.

It comes with 3 GB of storage space, but for $39.99 you can upgrade to 100 GB of storage and it includes backup capability. I must admit, being able to access 100 GB of storage through your iPhone could be handy.

Now, because I do not like cloud solutions, here is my security spew. Use a complex password, do not put critical or sensitive files on cloud storage, keep your anti-virus and security patches up to date.

Why don’t I like cloud solutions? You have to remember that the data you upload is no longer under your control in a cloud solution. You can verify the steps you take to secure your local network, but you cannot verify the security steps that your cloud provider takes. They may not have the same security plans and policies that you use.

Also, because they use computers themselves, they are susceptible to crashes, outages and viruses, just as you are. Recently the US Treasury shut down 4 cloud hosted websites due to malware.

I would show you some live screen shots of the program in action, but when I tried to log in to the service twice today this is what I saw:

I think this might be the cloud equivalent of the old Windows “Blue Screen of Death”. 🙂

If you are interested in cloud solutions, check it out; hopefully you will have better luck than I did.