Category: Computer Security/Home Computer Security/Home Computer

  • How to get Malware/Virus/Trojans on your Home Windows computer:

    1) Use Windows 9x/2000/XP out of the box and DO NOT bother to reconfigure it

    Don't create any login accounts with strong passwords
    Do all work from the administrator account (Windows does this automatically, so don't do anything)
    Do not bother with patches no matter how critical (Windows will prompt you to update; just ignore it)
    Don't disable the guest account
    Don't change the name of the default administrator account
    Enable as many network protocols as you can

    2) Use Internet Explorer

    If you want your system to get infected with all kinds of malware, DO NOT use Firefox or any type of pop-up blocker
    When you use IE, don't increase the security under Tools | Internet Options | Security tab; just leave it as is
    Ensure all Java and ASP scripting languages are enabled, allowing other computers to load software on your computer remotely
    Never patch Internet Explorer

    3) Connect directly to the Internet

    Do not use any kind of firewall
    Do not use Network Address Translation (which would hide your IP address)
    Do not load SP2 for Windows XP

    4) Surf the deadliest sites with no protection

    Surf Serial/Crack/Warez sites and always completely trust them
    Porn sites with no protection
    Screen Saver sites
    “hacker sites” (not all hacker sites, just “black hat” and script kiddie type sites)
    Find dark IRCs

    5) Behavior that will help you get your system infected.

    Download Screen Savers from sites you are not sure about
    Open emails from people you don't know
    If you get a Security Warning that says “Do you want to download XXXXPRODUCT NAMEXXX..”, don't even bother reading the rest, just click yes.

    6) Software that is more than likely infected

    Toolbars that automatically download without your permission
    Kazaa and some other free P2P tools

    List of Tools for faster Infection:

    Internet Explorer (Firefox can effectively block malware)
    Broadband/DSL (use of a firewall with Network Address Translation will hide your system)
    Windows 9.x/2k/XP (open source OSes such as Linux are less likely to be hacked)

  • "Windows has detected spyware infection!"

    Want to know how to get rid of the “Windows has detected spyware infection!” message?

    “Your computer is infected! Windows has detected spyware infection!
    It is recommended to use special antispyware tools to prevent data loss. Windows
    will now download the most up to date antispyware for you.
    Click here to protect your computer from spyware!”

    Here is how to delete that annoying “computer is infected” message.

    If you're seeing this message, your system really is infected with some malware (virus, trojan, spyware), and the message itself is part of the malware. This type of malware typically tries to get you to purchase a product to clean your system. When you click on the link they provide, it takes you to the very source of the malware on your system. It is designed to look like the Windows system messages you get about updates. DON'T fall for it.

    DO NOT GIVE THESE PEOPLE YOUR CREDIT CARD INFORMATION!

    This page will give you more information on what it is and how to get rid of it.

  • Spy Sheriff Removal

    I was doing some testing on my Windows XP system surfing about some
    sites of “ill repute” with IE6 and got hit with something called Spy
    Sheriff.

    Spy Sheriff is like a watered-down version of PS Guard or SmitFraud.  Like PS
    Guard, Spy Sheriff claims to want to remove all the malware it infects
    your system with.  Both of these horrible bits of malicious code
    are what I like to call scareware.  They get loaded onto your
    system along with about 100 other viruses, worms and trojans and take
    over your desktop with a message like “Spyware Infection”.  The
    application then “scans” your system and tells you that you must
    activate Spy Sheriff or PS Guard in order to clean your
    system.  When you attempt to remove Spy Sheriff using Add/Remove Programs,
    it simply adds itself again once you reboot.

    In the background, all the malware they loaded onto your system is
    collecting data and sending status reports to various parts of the world.
    The scareware will usually make sure you know this to convince you to
    buy their product.  DO NOT GIVE THEM YOUR CREDIT CARD INFO!

    Here is how to remove Spy Sheriff.

  • Security Testing on my Window 2000 system

    I've been surfing on my Windows 2000 system while completely exposed to the Internet on my DMZ.  No firewall, no anti-virus, not even a pop-up blocker.  The box is exploited immediately.

    Many of the default configurations on a fresh Windows 2000 box are just plain ridiculous.  For example, C$ and parts of the root are shared out on earlier versions of Windows 2000.  Message services, port 139 and other very easy-to-exploit applications and services are turned on by default on Windows 2000.

    It is no wonder Windows systems are always getting taken down.  Just turning off some of those services does quite a bit to close some of the holes on Windows boxes.  With broadband getting more popular, the combination of unprotected systems and the viral marketing of malicious code is creating a storm on the Internet.  An unprotected system is rendered completely useless in a matter of weeks (days or hours if you surf porn or serial sites).

    Here are some of the vulnerabilities on Windows systems at SANS.org.

    In all honesty, if you have a good firewall, virus protection, maybe a pop-up stopper and a good security configuration you could have a Windows 98 machine and NEVER get a virus.  

  • Critical Windows Patch May Wreak PC Havoc

    Yay, Windows! 

    A Microsoft patch meant to fix critical security flaws in Windows 2000, Windows XP and Windows Server 2003 is causing trouble for some users, the company said Friday.


  • PS Guard Removal

    PS Guard is vicious scareware that reloads itself each time you attempt
    to uninstall it.  It is malware that claims to be a malware
    remover.  It disables your Task Manager, informs you that your
    system is infected and doesn't allow you to exit from it while it scans
    your computer for viruses.

    Removing PS Guard is a bit tricky.  Ad-Aware and HijackThis will do nothing to
    remove it.  Noahdfear over at GeekstoGo.com wrote a sweet little
    script to remove it called smitrem.  It does the trick in removing PS Guard.

    I picked it up at some Russian warez site on my Honeypot system.

  • My Honeypot server: Message from system to alert spam

    I plugged an unpatched Windows 2000 system on the Internet with no
    firewall, antivirus or even pop up blockers to sniff out the raw filth
    being pumped to the world. 

    What I was immediately spammed with were “Message from System to Alert” messages from various “security software” sites.   Here are the results:

    “Message from System to Alert” Pop-ups

    These messages claimed to be from Microsoft or from my system or from
    System32 saying my registry was corrupt and a bunch of other lies.

  • Google Toolbar Phishing: How to avoid the phishermen

    Phishermen are targeting Google software:

    An Internet security specialist says a
    new threat forces computers to install faked Google software via
    Instant Messengers, which then goes phishing.

    If you have been in a coma for the last few years: phishing involves
    criminals setting up fake sites, or sending emails pointing to them, that
    look exactly like they came from legitimate sources.  These sites usually
    attempt to collect personal information such as logins and passwords for,
    oooh, I don't know… say a PayPal or bank
    account.

    I get these phishing emails nearly every day.  “How can you tell
    it's a phishing account?” you ask.  Well, for one of my email
    accounts I don't even have a PayPal account set up, and it receives
    repeat emails saying my “paypal” account is going to expire, or that
    someone has been added to my paypal account.  Another thing is that
    companies such as eBay, PayPal, and banks won't ask you to
    login.  If they do, call the actual eBay service rep and see what
    is going on.  DO NOT GO THERE FROM AN EMAIL LINK... EVER.

    Another thing you can do is click the “Show Original Message” button or
    link on the opened email.  This will display the inner workings of
    the email, including the IP address where the email
    actually came from.  With ARIN.net you can determine the location
    of any IP address, and with a tool called Sam Spade you can get
    even more information on IP addresses and DNS names.  Doing a
    simple “traceroute” command may also give you the IP address if all you
    have is the DNS name and want the IP.

    If you do go to the phisher site, first of all be careful: some
    of these sites are exploit sites, meaning that if your system is not patched
    and protected it could load malicious code on your
    system.  Once you get to the site, right-click and “View Page
    Source”.  This will tell you what is really going on with the site in
    question.
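    As an added illustration of the header check just described (example code written for this page, not from the original post), the Python script below does offline what you would do by hand with “Show Original Message”: it walks the Received: chain, reports the IP that handed the message to your own mail server, compares the visible From: domain with the Return-Path:, and flags links that point at a bare IP address or at a host outside the claimed sender's domain. The message, hosts and addresses are constructed for the example (203.0.113.0/24 is a documentation-only range, and yourmail.example is an assumed name for your own provider's domain). The script makes no network requests; the origin IP it prints is the one you would then look up at ARIN or hand to traceroute.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message, laid out the way "Show Original Message" displays it.
# Hosts and addresses are made up; 203.0.113.0/24 is a documentation-only range.
SAMPLE_RAW_MESSAGE = """\
Return-Path: <bounce@mail-paypa1-alerts.example>
Received: from mx.yourmail.example ([10.0.0.5])
        by inbox.yourmail.example with ESMTP id abc123
        for <you@yourmail.example>; Mon, 3 Oct 2005 09:12:44 -0400
Received: from mail-paypa1-alerts.example ([203.0.113.45])
        by mx.yourmail.example with SMTP id def456;
        Mon, 3 Oct 2005 09:12:40 -0400
Received: from localhost ([127.0.0.1])
        by mail-paypa1-alerts.example with SMTP; Mon, 3 Oct 2005 09:12:35 -0400
From: "PayPal Security" <service@paypal.com>
To: you@yourmail.example
Subject: Your account will expire
Content-Type: text/html

<html><body>
<p>Your PayPal account will expire. Please
<a href="http://203.0.113.45/cgi-bin/login.php">login here</a> to keep it.</p>
</body></html>
"""

# Address blocks that never identify an outside sender: our own LAN and loopback.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

_BRACKET_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # "[a.b.c.d]" in a Received: line
_BY_HOST = re.compile(r"\bby\s+([\w.-]+)")                  # the relay that wrote the line


def _is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def _in_domain(host, domain):
    return host == domain or host.endswith("." + domain)


def received_ips(raw):
    """Source IP of each Received: line, from the last hop (top) to the first (bottom)."""
    msg = message_from_string(raw)
    found = [_BRACKET_IP.search(h) for h in msg.get_all("Received", [])]
    return [m.group(1) for m in found if m]


def apparent_origin(raw, trusted_domain):
    """IP that handed the message to the first relay belonging to trusted_domain.

    Only Received: lines stamped by our own servers can be believed; the lines below
    them were written by the sender and may be forged, so the walk stops there.
    """
    msg = message_from_string(raw)
    for hdr in msg.get_all("Received", []):
        by, src = _BY_HOST.search(hdr), _BRACKET_IP.search(hdr)
        if not by or not _in_domain(by.group(1), trusted_domain):
            break                      # left the trusted chain
        if src and not _is_internal(src.group(1)):
            return src.group(1)
    return None


def _domain_of(header_value):
    return parseaddr(header_value or "")[1].rsplit("@", 1)[-1].lower()


def sender_domains(raw):
    """Domains of the visible From: and of the Return-Path: (where bounces really go)."""
    msg = message_from_string(raw)
    return _domain_of(msg.get("From")), _domain_of(msg.get("Return-Path"))


def suspicious_links(raw, from_domain):
    """Links whose host is a bare IP address or is not under the claimed sender domain."""
    body = message_from_string(raw).get_payload()
    findings = []
    for url in re.findall(r'href="([^"]+)"', body):
        host = urlparse(url).hostname or ""
        try:
            ipaddress.ip_address(host)
            findings.append((url, "link points at a bare IP address"))
        except ValueError:
            if not _in_domain(host, from_domain):
                findings.append((url, "link host %s is not under %s" % (host, from_domain)))
    return findings


def analyze(raw, trusted_domain):
    from_dom, bounce_dom = sender_domains(raw)
    return {
        "origin_ip": apparent_origin(raw, trusted_domain),
        "from_domain": from_dom,
        "return_path_domain": bounce_dom,
        "sender_mismatch": from_dom != bounce_dom,
        "suspicious_links": suspicious_links(raw, from_dom),
    }


if __name__ == "__main__":
    # yourmail.example stands in for your own provider's domain (assumed name).
    for key, value in analyze(SAMPLE_RAW_MESSAGE, "yourmail.example").items():
        print("%-20s %s" % (key, value))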


  • Surfing with an Admin account or How to Get Owned

    Martin McKeay over at mckeay.net has some good methods of securing his home network:

    I'm a strong believer in the 'rule of least privileges' as my wife and children well know; at least once a week I get called over to the kids' computer to log in as administrator and install some program for them. The kids have gotten used to it, but my wife hasn't and she's forgotten that I gave her the administrator password.

    The reason it is a great idea to use the least privileges possible and not go surfing the net with Admin privileges is that if you (or anyone on your computer with admin privileges) hit an exploit site that downloads something onto your system, it will do so with your administrator permissions.

    It is best to surf the web with an account that does not have permission to download anything from the web, with elevated security settings in Internet Explorer (cookies and JavaScript turned off).  In fact, just use a patched version of Firefox.

    More Security on Internet Explorer

    You can increase the security settings of IE by going to Tools | Internet Options | Security tab.  Adjust the trust you have for the Internet by moving the slider in the “Security Level for this Zone” area.

    If you surf the web with an administrator account without a firewall, not only will you more than likely get hit with trojans and worms, you will give the masters of these products elevated privileges to your system, as they will install code in C:\Windows\System32 – also known as root. From root a criminal hacker can do practically anything they want with your computer (including installing a keylogger that copies everything you type and sends the data back to some IRC room on the Internet).

    In layman's terms, they will OWN your ass.  

    If you're really paranoid:

    Customize your selected security level by clicking the “Custom Level” button in the “Security Level for this Zone” area.  Disable ActiveX and Java to completely destroy the ability of malicious mobile code to affect Internet Explorer (unless it's already on your system).  This will impair your ability to experience anything beyond text.
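    Added example (not from the original post, and not a Microsoft tool): the settings the Custom Level dialog exposes are stored per zone under HKEY_CURRENT_USER, with the Internet zone in subkey 3 and each action as a DWORD value where 0 = Enable, 1 = Prompt and 3 = Disable (Microsoft KB182569 documents the value names). The Python script below audits the ActiveX, Active scripting and Java-applet actions against the “disable them all” posture described above, which is also the setting that item 2 of the “how to get malware” list tells you to leave alone. On Windows it reads the live values with winreg; anywhere else it falls back to a constructed sample dict whose values are assumed Medium-level defaults. It only reads the registry; changes are still made through the Custom Level dialog.

```python
ZONE_INTERNET = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# Per-zone action values as named in Microsoft KB182569 (registry value name -> meaning).
ACTIONS = {
    "1001": "Download signed ActiveX controls",
    "1004": "Download unsigned ActiveX controls",
    "1200": "Run ActiveX controls and plug-ins",
    "1201": "Initialize and script ActiveX controls not marked as safe",
    "1400": "Active scripting",
    "1402": "Scripting of Java applets",
}
ENABLE, PROMPT, DISABLE = 0, 1, 3
STATE_NAMES = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Constructed sample standing in for a Medium-level Internet zone (assumed values,
# used when the script runs somewhere without a Windows registry).
SAMPLE_MEDIUM_ZONE = {"1001": PROMPT, "1004": DISABLE, "1200": ENABLE,
                      "1201": DISABLE, "1400": ENABLE, "1402": ENABLE}


def read_internet_zone():
    """Read the live Internet-zone actions for the current user; None off Windows."""
    try:
        import winreg
    except ImportError:
        return None
    zone = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_INTERNET) as key:
        for name in ACTIONS:
            try:
                zone[name], _ = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                pass           # value absent: the zone template default applies
    return zone


def audit(zone):
    """Every action that is not set to Disable, as (value name, meaning, current state)."""
    findings = []
    for name, meaning in ACTIONS.items():
        state = zone.get(name)
        if state != DISABLE:
            label = "not set" if state is None else STATE_NAMES.get(state, "unknown")
            findings.append((name, meaning, label))
    return findings


def hardened(zone):
    """Copy of zone with every audited action switched to Disable (no registry write)."""
    new = dict(zone)
    new.update({name: DISABLE for name in ACTIONS})
    return new


if __name__ == "__main__":
    zone = read_internet_zone()
    source = "live registry" if zone is not None else "constructed sample"
    zone = zone if zone is not None else SAMPLE_MEDIUM_ZONE
    print("Internet zone (%s):" % source)
    for name, meaning, state in audit(zone):
        print("  %s %-60s %s" % (name, meaning, state))
    print("findings left after hardening: %d" % len(audit(hardened(zone))))
```

    Each line the audit prints is one row you would change in the Custom Level dialog; once every listed action reads Disable, the audit of the live zone comes back empty.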

     

  • Computer Security 101: Proactive Security

    Another university has accepted ethical hacking.  Lately it seems every other month educational institutions are teaching security hacking.  I think this is good.  It is important to learn many kinds of Wire-Fu.

    Oct. 3–NEW HAVEN, Conn. — The computer lab tucked into a corridor at Jennings Hall at Southern Connecticut State University may not look it, but it's sick.

    Viruses run rampant. Firewalls are frowned on. Here, hacking is not only encouraged, it's a course requirement.

    “Last week, I went onto a computer in the back room. Their homework was to figure out what I did and log into my fake account,” said Lisa Lancor, an associate professor of computer science.

     

    University of Calgary hacker course

    University of Glamorgan – Certified Security Testing Associate and Professional and Certified Forensic Investigation Analyst

    International Council of E-Commerce Consultants – Certified Ethical Hacker (CEH) Certification