malware – Internetblog.org.uk https://www.internetblog.org.uk Web hosting, Domain names, Dedicated servers

Server Attacked? Fight Back https://www.internetblog.org.uk/post/1442/server-attacked-fight-back/ Fri, 18 Jun 2010 14:24:53 +0000 http://www.internetblog.org.uk/post/1442/server-attacked-fight-back/ Batman overlooking asylum
Tehtri Security researcher Laurent Oudot has determined that most people who attack servers get their hacking software from freely available malware kits on the Web, rather than creating their own custom scripts. These kits often contain poorly written code that can itself be exploited.

What does all of that mean to you? Oudot says it means that you can fight fire with fire, turning the attacker’s own malware against him. The next time someone attacks your server, hacking the malware can reveal a trail of IP addresses that may even lead all the way back to the attacker’s personal computer.

Oudot admits that there may be legal issues if you decide to turn into a cyber-Batman, but says that he demonstrated that it could be done, at the SyScan 2010 security conference in Singapore, in order to “open new way[s] to think about IT security worldwide”. Right, Mr. Oudot. You just handed every victim a loaded gun and told them there may be “legal issues” in retaliating. Malware attackers, you’ve been warned.

Source: BBC
Photo: Flickr

Thousands of Fake YouTube Pages Deliver Malware https://www.internetblog.org.uk/post/1409/thousands-of-fake-youtube-pages-deliver-malware/ Wed, 09 Jun 2010 16:40:48 +0000 http://www.internetblog.org.uk/post/1409/thousands-of-fake-youtube-pages-deliver-malware/ YouTube NOAA gulf oil spill
Want to see a revealing video about the Gulf oil spill or the NBA Finals? Apparently thousands of Web users do, and many of them are being lured to video sites that look just like Google’s YouTube. But rather than playing the videos immediately, clicking “play” prompts the user to install a “media codec”. When the users accept, their computers are infected with malware.

According to the eSoft Threat Prevention Team, there are now over 135,000 such sites sprouting up all over the Web, many of which can be found by a simple Google search. Because the sites look and feel like YouTube, many users will not check the URL to verify that it actually is the giant video sharing website.

The “media codec” that the users download is actually a trojan that infects the computer and can access sensitive data, even taking control of the entire system. Currently, only 8 of 41 virus scanners are picking up the new malware, although that will probably change as the threat becomes more widespread. People who are concerned about inadvertently visiting one of these sites should use web filters that will detect malware sites and warn them before allowing the browsers to connect.

Source: Infosecurity

Is a router firewall enough to protect my server? https://www.internetblog.org.uk/post/1235/is-a-router-firewall-enough-to-protect-my-server/ Thu, 22 Apr 2010 17:03:20 +0000 http://www.internetblog.org.uk/post/1235/is-a-router-firewall-enough-to-protect-my-server/ Cisco router
Many web hosting providers and dedicated server data centers will provide router-level firewalls for their customers, mainly as a precaution to protect their infrastructure. A bot, virus, or other form of malware that gets into a single network can spread from server-to-server very quickly.

On some home networks, a router firewall may be the only one used. The problem with relying on your service provider to block unwanted incoming traffic is that you have no control over what is blocked or if anything gets blocked at all. Furthermore, larger web hosts may have thousands or even hundreds of thousands of servers all connected through a complex network of routers. Any device on the same router as you could become a potential attacker or host to a bot.

Because of that reality, relegating responsibility for your server’s security to your web host is not only a matter of putting trust in the provider, but also involves trusting everyone else in your network. That is not a risk you should be willing to take. Install a software firewall, such as APF, on your server, and consider additionally installing an application firewall, such as ModSecurity.

Photo Source: Flickr

How to secure your WordPress installation https://www.internetblog.org.uk/post/1200/how-to-secure-your-wordpress-installation/ Tue, 13 Apr 2010 18:08:29 +0000 http://www.internetblog.org.uk/post/1200/how-to-secure-your-wordpress-installation/ Wordpress administration
Yesterday, news sources and blogs announced that WordPress blogs hosted by Network Solutions were being hacked. The website owners’ credentials were stolen, and then the sites were used to redirect thousands of visitors to websites that distributed malware. Apparently, WordPress’ configuration file, called wp-config.php, stores the user’s database password in plain text. Even still, attackers would not have access to the file if the right permissions are set. The hacked sites had configuration files that were readable by the outside world, including site visitors.

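Because the attack exploits user error rather than an actual bug in the WordPress code, it is important to make sure that your or your customers’ WordPress-based sites are secure. The first thing you can do is to chmod wp-config.php to 640, which gives the owner read and write access, gives the group read access, and denies all access to everyone else. The account that PHP runs as must be the file’s owner or a member of its group, or WordPress itself will not be able to read the file.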

chmod 640 wp-config.php

The second is to deny access using your .htaccess file, since no one who accesses the webserver will actually need access to the file under any circumstances.

# to protect wp-config.php
<Files wp-config.php>
order allow,deny
deny from all
</Files>

That is essentially all it takes and is actually more than is probably necessary to keep everything secure.
Warning: Some web hosting providers provide automated scripts to install WordPress for you. Do not assume that those installations are automatically secure.
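
The two protections above can be checked on an existing installation, including one created by a host's installer script. The following audit is an added example, not code from the original post; the function names are hypothetical, and the .htaccess check also accepts the Apache 2.4 form `Require all denied` alongside the 2.2 syntax shown in the post.

```shell
#!/bin/sh
# Added example: audit a WordPress directory for the two wp-config.php
# protections described in the post. The caller supplies the directory.

# Succeeds if "other" has no permission bits on the file.
no_world_access() {
    # find prints the path only if any of o+r, o+w or o+x is set.
    [ -z "$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# Succeeds if .htaccess has a <Files wp-config.php> block containing a deny
# rule (Apache 2.2 "deny from all" or Apache 2.4 "Require all denied").
htaccess_denies_wp_config() {
    [ -f "$1" ] || return 1
    awk '
        tolower($0) ~ /<files[ \t]+"?wp-config\.php"?[ \t]*>/ { inblock = 1; next }
        tolower($0) ~ /<\/files>/ { inblock = 0 }
        inblock && tolower($0) ~ /deny[ \t]+from[ \t]+all|require[ \t]+all[ \t]+denied/ { found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Prints one line per finding; the return status is the number of problems.
audit_wp_config() {
    dir=$1; problems=0
    if [ ! -f "$dir/wp-config.php" ]; then
        echo "MISSING: $dir/wp-config.php"; return 1
    fi
    if ! no_world_access "$dir/wp-config.php"; then
        echo "FAIL: wp-config.php is accessible to other users (use chmod 640)"
        problems=$((problems + 1))
    fi
    if ! htaccess_denies_wp_config "$dir/.htaccess"; then
        echo "FAIL: .htaccess has no deny rule for wp-config.php"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ] && echo "OK: wp-config.php is protected"
    return "$problems"
}
```

Run it as `audit_wp_config /path/to/wordpress`; a deny rule that sits outside a `<Files wp-config.php>` block is deliberately not counted, since it would apply to the whole directory rather than to the configuration file.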

Photo Source: Wikimedia Commons

Symantec: China is number-one source of malware https://www.internetblog.org.uk/post/1141/symantec-china-is-number-one-source-of-malware/ Fri, 26 Mar 2010 19:30:44 +0000 http://www.internetblog.org.uk/post/1141/symantec-china-is-number-one-source-of-malware/ binary
According to a recent study conducted by Symantec, more malware originates from China than any other country: 28.2%, in fact.

Close behind China is Romania, which is responsible for 21.1% of malware. Next was the United States at 13.8%. Symantec found that although the majority of malware appears to come from North American mail servers, the original source is usually abroad.

Interestingly, a great deal of malware now targets people in specific roles rather than the public at large. Individuals with titles such as “director, senior official, vice president, manager, and executive director” tend to be hit with more spam, as do workers in the public policy and defense industries.

Photo | clix

Keep Your Website Safe from Hackers https://www.internetblog.org.uk/post/465/keep-your-website-safe-from-hackers/ Tue, 08 Sep 2009 15:34:00 +0000 http://www.internetblog.org.uk/post/465/keep-your-website-safe-from-hackers/ Secure USB
Question: How do I keep my hosting account from being hacked?

Answer:

1. More than anything else, it is important to keep your passwords secret and unique. No one else should have your password, not even your web host. If someone emails you pretending to be your web host or other authority and asks you for your password, do NOT believe it. Contact your web hosting company and let them know about the email. Also, make your password difficult to guess. Try to use a mixture of letters and numbers rather than a real word.

2. Always keep your personal computer clean from viruses and perform all of your security updates. Chances are, if you are infected with malware or a botnet, it will seek out the computers you connect to first, starting with your server.

3. Always keep third-party scripts and software up to date. This is crucial. You could have taken all other precautions, but if your shopping cart or forum has an unpatched security hole, you are in for a hurting — something that could affect your entire server and be grounds for account suspension.

4. Make sure that none of your files have world-writable permissions. In Linux, this means 777. In a file manager or FTP program, it might look like “-rwxrwxrwx”. Files should be either 755 (only for executable files, when a script requires it) or 644 (writeable only to you and read-only to everyone else). Those will look like “-rwxr-xr-x” and “-rw-r--r--”.
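
The permission check in step 4 can be scripted. This is an added example, not part of the original post, with hypothetical function names; it lists every regular file under a web root that has the world-write bit set and removes group and world write access, which turns 777 into 755 and 666 into 644.

```shell
#!/bin/sh
# Added example: find world-writable files under a web root and reset them
# to the modes recommended in step 4. Directories are left untouched.

# Ten-character mode string as a file manager shows it, e.g. -rw-r--r--
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Print every regular file under $1 that has the o+w bit set
# (this matches 777 and 666 alike).
list_world_writable() {
    find "$1" -type f -perm -002 -print
}

# Remove group and world write access from each file found and report
# the old and new mode. File names containing newlines are not supported.
fix_world_writable() {
    list=$(mktemp) || return 2
    list_world_writable "$1" > "$list"
    changed=0
    while IFS= read -r f; do
        old=$(mode_string "$f")
        chmod go-w "$f"                     # 777 -> 755, 666 -> 644
        echo "$old -> $(mode_string "$f")  $f"
        changed=$((changed + 1))
    done < "$list"
    rm -f "$list"
    echo "$changed file(s) changed"
}
```

Run `list_world_writable` on its own first to review what would change; an upload or cache directory that an application expects to write to may need its ownership corrected instead of relying on world-writable modes.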

Photo: SXC

One Search for Jessica Biel Could Be Your Last https://www.internetblog.org.uk/post/424/one-search-for-jessica-biel-could-be-your-last/ Wed, 26 Aug 2009 13:20:40 +0000 http://www.internetblog.org.uk/post/424/one-search-for-jessica-biel-could-be-your-last/ Jessica Biel
You had a long day at work and just want to unwind. How harmless would it be to do a quick search for some hot pictures of a famous actress? On one particular night, you decide to search for Jessica Biel. All appears to go well, but a few days later, your computer is slowing down, acting kind of funny. You might well have been infected with spyware, malware, viruses, or adware.

McAfee’s annual survey revealed that Biel had surpassed Paris Hilton and Brad Pitt as the riskiest celebrity to search for. People looking for pictures, wallpapers, screensavers, and videos often encounter websites with phishing schemes, spyware, and viruses. Nearly half of all websites claiming to have Jessica Biel screensavers are malicious.

“Cybercriminals are star watchers too—they latch onto popular celebrities to encourage the download of malicious software in disguise,” McAfee Avert Labs VP Jeff Green said in a statement.

Malware can be particularly dangerous because attackers often use someone’s computer to attack other computers or servers without their knowledge. Such computers can remain infected for long periods of time without any visible symptoms. They can also be used to steal private financial information from an unsuspecting user. While there is software that can scan your computer and warn you of potential dangers, the best defense is to only visit websites you trust.

Source: Ars Technica
Photo: Flickr

Latvian Hosting Company Shut Down After Botnet https://www.internetblog.org.uk/post/360/latvian-hosting-company-shut-down-after-botnet/ Thu, 06 Aug 2009 12:24:21 +0000 http://www.internetblog.org.uk/post/360/latvian-hosting-company-shut-down-after-botnet/ Authentication required password
The infamous botnet named Zeus has been called the world’s biggest cybercrime botnet. It infected 3.6 million PCs, which were then used to launch phishing attacks, stealing credit card and banking information all over the world.

The botnet was linked to Rock Phish, a Russian gang. After an investigation, authorities traced the malware to its source: a web hosting company in Latvia called Real Host. Now, the Swedish service provider Telia Sonera, which provided service to Real Host, has shut down their Internet connections. There was no report about what legal action will be taken against the owners of the company.

Malware has become an underground leg of the software industry. Gangs like Rock Phish can purchase botnets like Zeus for about $1000 on the black market. It does not take them long to make up the difference when they can launch attacks on millions of computers, stealing hundreds or even thousands of credit card numbers and banking information.

Source: ComputerWeekly.com
Photo: Flickr

Researchers virtualize 1 million Linux kernels https://www.internetblog.org.uk/post/335/researchers-virtualize-1-million-linux-kernels/ Thu, 30 Jul 2009 15:27:20 +0000 http://www.internetblog.org.uk/post/335/researchers-virtualize-1-million-linux-kernels/ Thunderbird cluster
Villains beware. Researchers at Sandia National Laboratories have created the mother of all supercomputers that could be used in the fight against botnets and other massive computer attacks. Their supercomputer, called Thunderbird, is made up of a 4,480-node high performance cluster. Each node ran 250 virtual machines, each running the Linux kernel, for a total of 1.12 million.

Prior to this feat, the best they could manage was a measly 20,000 kernels. Aside from the huge Enemy Territory bot army you could create, the virtualized kernels could be used for more real-world uses like modeling climate change, developing new medicine, and monitoring large cyberattacks.

“Eventually, we would like to be able to emulate the computer network of a small nation, or even one as large as the U.S., in order to ‘virtualize’ and monitor a cyberattack,” [Ron] Minnich said in a statement.

A botnet is a network of computers on which automated malware has been installed without their users’ knowledge, sometimes numbering in the thousands and spread throughout the world. The bots collectively strike at a predetermined time, wreaking havoc on computer networks, even large ones. Running virtualized clusters will allow researchers to study the botnet behavior in a closed environment.

Source: ZDnetAsia
Photo: Sandia.gov

The Internet is big, really big https://www.internetblog.org.uk/post/334/the-internet-is-big-really-big/ Thu, 30 Jul 2009 15:09:29 +0000 http://www.internetblog.org.uk/post/334/the-internet-is-big-really-big/ Homer staring at a big laptop
According to new Internet data, there are now more websites than people in the world — over 1 trillion. With such large numbers, there are 150 domains per person, and it would take 31,000 to read all of them, even if you spent only one minute on each and never slept. Still, just 1.46 billion out of 6 billion people in the world use the Internet, meaning it would take a long time even for all of them combined to see all websites.

China leads the list with 338 million users, with the US trailing at 227 million. Japan, India, and Brazil round out the top five. The UK is a bit lower with 48 million users, reflective of its smaller population. The interestingly neglected part of this data, and of most raw data like it, is that there is no analysis of the website content.

Of the 1 trillion websites out there, how many are made up of malware, spam harvesters, phishing, fraud, schemes, ad portals, parked domains, and cybersquatting? Furthermore, of the sites that are none of the above mentioned, how many are actually useful and worth visiting? While it may be the job of Google and Bing to index legitimate sites, it will be up to someone else to catalog and evaluate them. As the Internet continues to grow, so does the need for some type of organization.

Source: News.com.au
Photo: Flickr
