Category: Computer Security/Home Computer Security/Home Computer

  • Importance of applying security to your system

    This is an update on my first post about removing the trojan called Smitfraud.  I helped my friend get rid of the trojan and had the system purring, but shortly after he got back on the Internet with no protection and got hacked again.  This time worse than before.  Not only did he get Smitfraud AGAIN but he got some crap I never even heard of.  I may have to wipe his entire hard drive.

    I constantly tell him how important it is to secure your system even if you're on dial-up.  Just having SP2 for XP is not enough.  I recommend at least a firewall.

    If you have a broadband connection, check out my walk through on securing broadband Internet connections.

  • Broadband Internet Security


    3 Easy Steps for Broadband Internet Security for your Cable Modem and DSL

    Broadband Internet Security for Cable Modems/DSL:

    1)    Get Yourself a Router

    If your ISP issues you a fairly robust router with instructions on how to secure it, you may not need to buy a router. Just follow their instructions on how to configure the security on the device. Step 1B explains what security features are needed.

    A. Types of routers:

    Linksys, Netgear, Actiontec. When you buy a router, look for the following features:

     

    Four 10Base-T/100Base-TX RJ-45 ports, one 10Base-T broadband WAN port, one 10Base-T/100Base-TX RJ-45 uplink port

    This means that it can get four of your computers online using Cat 5.

    If you have multiple computers and your Cable/DSL device does not support more than one connection, I do NOT recommend wireless.

    If you can, connect the DSL device to another router. You will need to use a crossover CAT 5 cable to connect the two, since like devices (i.e. computer to computer, router to router) require a crossover cable.

    A USB cable will also work.

     

    B. Configure the Router Correctly:

    For security, as a minimum, use the Network Address Translation (NAT) feature of the router to hide your internal computers from the Internet.

    You may have to go to an Advanced Setup Feature on your router to turn on the NAT feature.

    C.     Additional Router Security Features

    Some routers offer additional firewall features for broadband Internet security such as actively closing ports, blocking websites, blocking services and integrating third party software firewalls such as ZoneAlarm and PC-Cillin.

     

    2)    Consider using software to protect your system for broadband Internet security

     
    A.    Virus protection

    Free online virus scan:

    Pandasoftware

    Trendmicro

    More Free Virus tools:

    Freebyte

    Thefreesite Dot Com

    Free trial of Norton Anti-Virus

    Free for DOD Employees

    Other virus tools:

    AVAST

    Grisoft

     

    I've heard that Norton was better than McAfee and vice versa, but in my experience basic computer security cannot be beat. The best practices are to not download e-mail attachments from unknown sources, turn off JavaScript, cookies and ASP functions on the browser and make sure you don't put virus-infected disks into your system. If you do use anti-virus software, make sure it is updated with the latest virus definitions.

     

    Even More Anti-Virus Resources

    Software Downloads:

    MajorGeeks
    As you can see MajorGeeks is one of the best resources for freeware on the net.

    B.    Ad-ware protection

    In my opinion, adware, spam and spyware have become worse than Virii, trojans, worms, logic bombs or any other malware in compromising broadband Internet security.

    Many times there is no difference between adware, spyware and malware. Adware and spyware creators are constantly coming up with creative ways to get their software on our computers. Just when I think I've figured out a way to eliminate ALL adware, they come up with a new brilliant method of deploying their software on my system and keeping it there.

    Here is a list of common Adware/Spyware removal tools:

    Adaware

    HijackThis (don't use unless you know what you're doing)

    Spyware Blaster

    The best resources for getting rid of adware, spyware and malware are search engines. Usually you can find someone online who managed to fix the problem. Forums are an incredible resource for your broadband Internet security.

     

    Even More Anti-Spy/Ad ware Resources

    Software Downloads:

    MajorGeeks

    **BEWARE of WARES**

    Beware of Freeware & Shareware from illegitimate sites. A lot of spyware and shareware comes from freeware such as P2P (i.e. Kazaa). Many times what you think is free is really not free at all. Even if you have a rare legitimate copy of beloved Kazaa or Shareaza, WinMX, or whatever, you MUST beware of what you download.

    Be aware that malware and spyware can be hidden in .jpg, .gif, video and even sound files. It's called steganography. It's very cool. The safest thing to do is not use P2P at all. It is almost as bad as wireless.

     

    KazaaBegone

    For secure methods of P2P check out:

    Creators of Kazaa: Joltid

    Bittorrents

    C.    Software firewall

    I have used firewalls built into Linksys, Netgear, and Actiontec routers and I think they work great. They are by no means the push button solution to broadband Internet Security. For one thing they have holes just like any other software, hardware and firmware on the market. Malware can still get to your system. Many times people think just because they have a firewall they have an “S” on their chest.

    Computer Security Principles

    Be humble. Know that you need:

    – More than one layer of defense (patches, security configurations, cleaning tools)

    – Security awareness of what is going on with the services, applications and operating system you are running that are exposed to the Internet. Be proactive. Look at your Event/Audit logs, processes, and network activity at least bi-weekly.

    – If your system seems slower than usual assume the worst and check it out immediately.

    I hate software firewalls but they are probably the best way to protect your home computer if you keep up with them.

    Free software firewalls:

    Zone Alarm

    Not free but still good:

    Norton

    McAfee

    Tiny Firewall

    My resources:

    Free-firewall

    www.Majorgeeks.com

    tucows

    3)    Check your Security

     

    A.        SCAN your own IP

    These are sites that allow you to scan your system from the outside. It is a very simple penetration test.

    Sygate

    GRC

    I would also recommend using a port scanner such as SuperScan

    TASK MANAGER

    Check your processes with Task Manager

    If you're on a Windows NT/2000/XP system, hit CTRL + ALT + DEL and choose Task Manager. Once you're in Task Manager, select Processes and take a look at what is running. This is a great resource for locating and killing rogue applications.

     

    NETSTAT

     

    Use netstat to examine what network activity is happening on your system.

    Netstat is a built-in feature.

    Go to Start | Run | type “cmd”

    This will bring up a DOS prompt. Type “netstat”

    If there is a ridiculous amount of activity scrolling up the screen and your system is sluggish, you may have a Trojan, virus or worm.

    I had one called HWCLOCK.exe on my system. It actually scanned other people in my ISP's network looking for other people to exploit. I had to shut off the process called HWCLOCK in my Task Manager and remove the malware while in Safe Mode.
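
A screen full of scrolling netstat output is hard to judge by eye, so here is an added example (not part of the original walkthrough) that summarises `netstat -an` output: which TCP ports are listening, and whether the machine is opening connections to many different hosts on the same remote port, the pattern described above for HWCLOCK. The function names, the sample output and the threshold of 5 hosts are assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed sample of Windows `netstat -an` output. The addresses are
# documentation-range placeholders, not values from the original post.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      198.51.100.7:80        ESTABLISHED
  TCP    192.168.1.10:1101      203.0.113.5:445        SYN_SENT
  TCP    192.168.1.10:1102      203.0.113.6:445        SYN_SENT
  TCP    192.168.1.10:1103      203.0.113.7:445        SYN_SENT
  TCP    192.168.1.10:1104      203.0.113.8:445        SYN_SENT
  TCP    192.168.1.10:1105      203.0.113.9:445        SYN_SENT
  UDP    0.0.0.0:1026           *:*
"""

def tcp_rows(text):
    """Yield (local_port, remote_host, remote_port, state) for each TCP row."""
    for line in text.splitlines():
        parts = line.split()
        # Header, blank and UDP rows do not have exactly four columns.
        if len(parts) == 4 and parts[0] == "TCP":
            local, remote, state = parts[1:]
            rhost, _, rport = remote.rpartition(":")
            lport = local.rpartition(":")[2]
            if rport.isdigit() and lport.isdigit():
                yield int(lport), rhost, int(rport), state

def listening_ports(text):
    """TCP ports this machine accepts connections on (what an outside scan sees
    if nothing in front of the machine filters them)."""
    return sorted({lp for lp, _, _, st in tcp_rows(text) if st == "LISTENING"})

def fan_out(text, threshold=5):
    """Map remote port -> number of distinct hosts contacted on it, keeping
    only ports with at least `threshold` hosts (assumed cut-off for a sweep)."""
    targets = defaultdict(set)
    for _, rhost, rport, state in tcp_rows(text):
        if state in ("SYN_SENT", "ESTABLISHED"):
            targets[rport].add(rhost)
    return {p: len(h) for p, h in targets.items() if len(h) >= threshold}

if __name__ == "__main__":
    import sys
    # Pipe real output in (netstat -an | python this_file.py) or run bare
    # to see the result for the constructed sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print("listening:", listening_ports(text))
    print("possible sweep:", fan_out(text))
```

A normal browsing session talks to a handful of hosts on ports 80 and 443; one remote port with many hosts, mostly in SYN_SENT, is the signal worth following up in Task Manager.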

    Other Broadband Internet Security Sites:

    Broadband Internet Security software

    CERT Home Network Security

    Broadband Internet Security links

    Broadband Internet Security

     

     

  • Remove the HWCLOCK.EXE/W32.Hwbot-A Trojan

    I got the HWCLOCK.EXE when I was testing my new Internet connection.  I noticed it when my Internet DSL connection started feeling like a  56K dialup. 

    I removed it by showing all files, going into Safe Mode and deleting the HWCLOCK.exe/W32.Hwbot-A Trojan.

    This is a trojan that can actually steal your passwords and other personal data.  On my system it was attacking other systems.

    I've got more detailed instructions on how to remove the HWCLOCK.exe at http://elamb.blogharbor.com/hacked/hwclock.htm


  • Securing Internet Explorer

    Securing Internet Explorer:
    Step 1.  Turn Security WAY UP
       Tools | Internet Options | select the Security tab | Move the “security levels for this zone” to HIGH

    Step 2. Turn off and Delete All Cookies.
       The first thing you should do is clear out all your cookies.
       Tools | Internet Options | select the Privacy tab | Move the slider in the Settings area to a higher level of security.  Keep in mind that if you block ALL cookies some sites will be limited or even inaccessible, but you can always go back and change it.

    Limiting the number of cookies you accept can increase your privacy.

    Step 3. Disable Java and ActiveX
    THIS IS PRETTY EXTREME.  YOU WILL NOT BE ALLOWED TO LOG ON TO WEB-BASED EMAIL ACCOUNTS AND OTHER SITES REQUIRING A LOG IN.  BUT YOU WILL BE ABLE TO SURF. I personally cannot use this because it is TOO restricting.
       Java and ActiveX are known as mobile code because they download software from a remote source (or run from a remote source) to your computer.  Some of the most effective malware is mobile code.
       Tools | Internet Options | select the Security tab | Select the “Custom Level” button which will open up “security settings.”
       Once in Security Settings disable everything under “ActiveX” and “Scripting.”

    What I do is heighten the Security tab and use Internet Explorer as little as possible.  I use Firefox.  It is also very important to update these (and all other applications) with the latest patches.  This, combined with my router firewall, seems to work really well.

    Neither Firefox nor Internet Explorer is secure if you don't take the appropriate measures.

    If you do use cookies you should delete them all about twice a week.

    http://elamb.blogharbor.com/hacked/igothacked.htm –> get rid of malware
    http://elamb.blogharbor.com/broadband/broadband.htm –> secure your broadband connection

  • Removal of TROJAN-SPY.HTML.SMITFRAUD.C

    A lot of people seem to have the Smitfraud trojan and seem to be looking all over the place to get a fix.  So I've consolidated the best resources that I've found on Smitfraud in this blog.  Enjoy.

  • Trojan_Agent.go

    New Trojan Agent Go

    Trojan_Agent.go is a memory-resident trojan that arrives via downloads from malicious web sites.  It executes files from other websites.

    Remove Trojan_Agent.go:

    Open Task Manager:
    Use CTRL+ALT+DELETE or
    CTRL+SHIFT+ESC (on XP), then click the Processes tab.

    Locate the process:
    EVTHTM.EXE

    Select the EVTHTM.EXE process, then press either the End Task or the End Process button, depending on the version of Windows on your system.

    1. To check if the malware process has been terminated, close Task Manager, and then open it again.
    2. Close Task Manager.

    If the process does not shut down, go to Safe Mode and shut it down.

    Resources:

    TrendMicro

    PCHELL

  • Report Phishing Instantly with gmail

    As I was hitting the “Show Original Message” link on my Gmail account, I noticed that there is a “Report Phishing” link on my Gmail account.

    Very cool. Anyway, here is the latest phishing attempt I got hit with.

    This one is supposedly from eBay.  It is saying that someone has added a seller to my account.  The only thing is that I don't have an eBay account attached to this email.

    To view the source of an email from your Gmail account, click “Show Options” then “Show Original Message.”  Most email software has this feature:

    X-Gmail-Received: 330662dcee7d7f96e1a81e48ae9c33265fe033b5
    Delivered-To: elamb.security@gmail.com
    Received: by 10.36.71.17 with SMTP id t17cs20860nza;
            Wed, 11 May 2005 14:15:24 -0700 (PDT)
    Received: by 10.36.147.8 with SMTP id u8mr396722nzd;
            Wed, 11 May 2005 14:15:24 -0700 (PDT)
    Return-Path: <root@localhost.localdomain>
    Received: from localhost.localdomain (cam-in1.ztv.ad.jp [210.236.168.2])
            by mx.gmail.com with ESMTP id 15si749916nzn.2005.05.11.14.15.23;
            Wed, 11 May 2005 14:15:24 -0700 (PDT)
    Received-SPF: neutral (gmail.com: 210.236.168.2 is neither permitted nor denied by domain of root@localhost.localdomain)
    Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
     by localhost.localdomain (8.13.1/8.13.1) with ESMTP id j4BLAxdC009474
     for <elamb.security@gmail.com>; Thu, 12 May 2005 06:10:59 +0900
    Received: (from root@localhost)
     by localhost.localdomain (8.13.1/8.13.1/Submit) id j4BLAxA5009473
     for elamb.security@gmail.com; Thu, 12 May 2005 06:10:59 +0900
    Date: Thu, 12 May 2005 06:10:59 +0900
    To: elamb.security@gmail.com
    Subject: You have successfully added a new email address
    Message-ID: <1115845859.27531.qmail@paypal.com>
    From: “eBay” <accounts@eBay.com>
    Content-Type: text/html

    <DIV><DIV id=message><TT style=”FONT-SIZE: x-small;
    FONT-FAMILY:'couriernew',monospace”>You have added <A href=”
    http://210.255.65.234/secure/login.html
    target=_blank>phoneseller@yahoo.com </A>as a new email address for your
    eBay account.<BR><BR>If you did not authorize this change or if you need
    assistance with your account, please contact eBay customer service
    at:&nbsp;</TT> <P><TT style=”FONT-SIZE: x-small; FONT-FAMILY:
    'couriernew',monospace”><A
    href=”http://210.255.65.234/secure/login.html
    target=_blank>http://scgi.ebay.com/verify_id=ebay</A><BR><BR><BR>Thank
    you for using eBay!<BR>The PayPal Team<BR><BR><BR>Please do not reply to
    this e-mail. Mail sent to this address cannot be answered. For
    assistance, log in to your eBay account and choose the<BR>”Help” link in
    the header of any
    page.<BR><BR>—————————————————————-<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
    PROTECT YOUR PASSWORD<BR><BR>&nbsp;&nbsp; NEVER give your password to
    anyone and ONLY log in at <A
    href=”http://210.255.65.234/secure/login.html
    target=_blank>http://scgi.ebay.com/verify_id=ebay.</A> Protect yourself
    against fraudulent websites by opening a new web browser (e.g. Internet
    Explorer or Netscape) and typing in the eBay URL every time you log in
    to your account.<BR><BR><BR>
    —————————————————————&nbsp;&nbsp;&nbsp;&nbsp;
    <BR><BR><BR></B>eBay Email ID PP007</TT></P></DIV></DIV>
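
The tell-tale signs in that message can be checked mechanically. The following is an added example, not part of the original post: it parses a trimmed copy of the message above and reports the inconsistencies a reader would look for by eye (envelope sender and Message-ID that do not match the From domain, an SPF result that is not a pass, and a link whose visible text names one host while its href points at a bare IP address). The function name `phishing_signals` and the finding labels are made up for this illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Trimmed from the message above, with the blog's curly quotes put back to
# plain ASCII quotes so it parses the way the original mail would have.
RAW = '''Return-Path: <root@localhost.localdomain>
Received-SPF: neutral (gmail.com: 210.236.168.2 is neither permitted nor denied by domain of root@localhost.localdomain)
Message-ID: <1115845859.27531.qmail@paypal.com>
From: "eBay" <accounts@eBay.com>
Content-Type: text/html

<TT>please contact eBay customer service at: <A
href="http://210.255.65.234/secure/login.html"
target=_blank>http://scgi.ebay.com/verify_id=ebay</A></TT>
'''

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or "").strip(), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def domain(addr):
    """Lower-cased part after the last '@', without angle brackets."""
    return addr.rsplit("@", 1)[-1].strip("<> ").lower()

def phishing_signals(raw):
    msg = message_from_string(raw)
    findings = []
    from_dom = domain(parseaddr(msg.get("From", ""))[1])
    if domain(parseaddr(msg.get("Return-Path", ""))[1]) != from_dom:
        findings.append("return-path-mismatch")
    if domain(msg.get("Message-ID", "")) != from_dom:
        findings.append("message-id-mismatch")
    if not msg.get("Received-SPF", "").lower().startswith("pass"):
        findings.append("spf-not-pass")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            findings.append("link-to-raw-ip:" + host)
        # Only compare when the visible text itself looks like a URL.
        shown = urlparse(text).hostname if text.startswith("http") else None
        if shown and shown != host:
            findings.append("text-href-mismatch:" + shown)
    return findings
```

None of these checks alone proves fraud (mailing lists legitimately use a different Return-Path), but all five firing on one message that claims to be from eBay and signs off as "The PayPal Team" is conclusive enough to hit “Report Phishing.”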

     

  • I got Hacked: phishing, hacking, social engineering, INFOSEC

    As a tribute to hacking, white hat and black hat (both the Dark Side and Light Side of the Force) I've put together a page called “I Got Hacked.” 

    In it I talk about how I was almost a victim of phishing while on eBay in December 04. I'll also talk more on how I wiped “trojan-spy.html.smitfraud” from my friend's system, since that seems to be popular.

    I'm still working on getting some more content that is more fitting to home computer security made easy, so relax folx.  If you want some basics on how to get some security on your broadband dsl/cable device go to my “Broadband Internet Security” page.

    Seems the more aware of information security I become the more hacks I am able to recognize and get rid of and the more weaknesses and risks I see in other people's systems, software and social practices.

    I like security and hacking because it can be used to strengthen existing structures be they legal or technological.  And the irony of it all is that all structures must eventually be destroyed for even galaxies die.

    There can not be birth without death, light without shadow or security without hacker exploits.

     


  • Google Web Accelerator – Broadband Internet Security

    Google has launched a web accelerator for broadband users, and security has become an issue.  Some users are concerned with cookies being copied and/or shared since the Google Web Accelerator caches sites on computer systems to make downloads faster.

    Web accelerator concerns on digg.com

    by: n-g-k (0) on 10:34 AM 5/05/05 | Score:

    This is the antithesis of the anonymous proxy, you're giving up privacy for a couple more seconds of speed here and there? Google is going to log everything, find out who goes from what site to whatever other site, datamine, look for patterns, find out all kinds of things about people and society for what purpose? To help them sell more advertising and make more money? Well, that's just the primary reason, who knows what other nefarious motivations there could be. Imagine yourself owning google with all of that supercomputing power, others have said it above, google is the ultimate hacker. You can have your GWA, I say “No thanks!”

    Better solution: use Firefox, hold down CTRL when you click, any links you click on will open in a new tab and begin downloading. Using this method you can click a bunch of links you will want to see, then by the time you get to the tabs they are already opened. Use CTRL-W to close the tab when you are done reading it and the next tab will be up.

    by: n-g-k (0) on 02:23 PM 5/05/05 | Score:

    Here is a very good article that goes along with what I wrote above:

    http://www.somethingawful.com/articles.php?a=2858


  • Broadband Internet Security

    In light of the growing number of broadband users, I've decided to make a page about broadband Internet security.

    Security seems to be the last thing people think about when it should be the first.  It takes a sluggish, compromised system for most users to consider examining their system.

    There are plenty of broadband pages out there but I wanted mine to be a simple walk through for the average computer user.

    Broadband a security issue