Volume 6, Number 1 January 2009

In This Issue 1. Consumer Awareness: Q&A – 2. Ten Do-It-Yourself Computer Security Tips– 3. Scams and Hoaxes – 4. and Apple Security Updates

1. Consumer Awareness: Spyware Q & A Q: What is spyware? A: Spyware is malicious installed on your computer without your knowledge or consent that monitors or controls your computer use. It may be used to send you pop-up ads, redirect your computer to websites, monitor your Internet surfing, or record your keystrokes, which could lead to the theft of your personal information.

Q: How can I tell if my computer is infected with spyware? A: Your computer may be infected with spyware if: - It slows down, malfunctions, or displays repeated error messages - It won't shut down or restart - It serves up a lot of pop-up ads, or displays them when you're not surfing the web - It displays web pages or programs you didn't intend to use, or sends you didn't write. Other signs include: - Your browser takes you to sites other than those you type into the address box - Your home page changes suddenly or repeatedly - New and unexpected toolbars - New and unexpected icons in the system tray (at the lower right corner of your screen) - Keys don’t work (for example, the “Tab” key that might not work when you try to move to the next field in a webform) - Random error messages

Q: What should I do if I think my computer is infected? A: Stop shopping, banking, and other online activities that involve usernames, passwords, or other sensitive information. Spyware could be sending your personal information to identity thieves. Write down the model and serial number of your computer, the name of any software you've installed, and a short description of the problem. Your notes will help you give an accurate description to the technician. At the office, report the problem to your IT help desk, network administrator, or information security officer. At home, if your computer is covered by a warranty that offers technical support, contact the manufacturer, your Internet Service Provider (Comcast, AT&T, Time Warner, Verizon, Qwest, Earthlink, etc.), or a trusted computer consultant. More information: http://www.onguardonline.gov/topics/computer-security.aspx

2. Ten Do-It-Yourself Computer Security Tips a. Treat your computer like a machine. Computers need regular maintenance. If you ignore problems or put off fixing them, you risk more than the smooth functioning of

SANS OUCH! Volume 6, Number 1 Page 1

your system. You may be inviting Bad Guys to steal your information or take over your system and use it to attack other computers. More information: http://www.microsoft.com/atwork/getstarted/maintain.mspx http://helpdesk.coloradocollege.edu/index.php/tips-and-how-to/maintain-your- computer/maintain-your-macintosh-computer/

b. Use wisely. Email is not private. Never send personal or sensitive information by email. Never view, open, or even click on email attachments unless you know who sent it, why they sent it, and what’s in it. Even messages forwarded to you by friends might contain infected attachments and links that will shuttle you off to dangerous websites. c. Don't assume your security software is working. Familiarize yourself with the security software installed on your computers. Do you have a complete suite of anti-virus, anti-spyware, and a two-way software firewall? Identify onscreen icons and messages that indicate your security software is enabled and working. If an icon is not there, if its color or shape has changed, or if you see a message that says your security software isn’t working, is out of date, or needs attention, take action to correct the problem immediately. d. Keep your software up-to-date. Many software products, including Windows and Mac OS X, have built-in automatic updaters. Make sure these are turned on. Some software products require manual updating. Know which are which on your computer. Not sure? Visit the website of the software manufacturer for tips on updating your software. Consider installing Secunia’s free Personal Software Inspector, which provides extensive details on the software installed on your computer, and gives you direct links to update programs that are older and potentially not secure More information: http://www.microsoft.com/protect/videos/Updates/UpdatesHi.html http://support.apple.com/kb/HT1338 http://www.download.com/Secunia-Personal-Software-Inspector/3000-2162_4- 10717855.html

e. Regard the Internet as a bad neighborhood at 2:00 AM. In 2008 about 1.5 billion people were using the Internet worldwide, and the number of websites approached 200,000,000. With that many apples in the barrel, it’s anybody’s guess how many are rotten. The steady growth of Web commerce attracts not only ordinary scammers, pirates, and thieves, but also national and multi-national organized crime syndicates. Criminal activity for financial gain is the single largest driver of massive increases in Internet threats, and bringing Internet criminals to justice remains a challenging task. Practice online safety. Protect your privacy, your identity, and your money. More information: http://www.microsoft.com/protect/videos/Phishing/PhishingMSHi.html & http://www.microsoft.com/protect/videos/Privacy/privacy-hi.html

f. Ratchet up your browser’s security. Malicious hackers and virus writers can infect your computer by taking advantage of low security settings in your browser software and enticing you to visit a malicious website. You can help limit your chances of being attacked by increasing your security settings and conducting business or entering

SANS OUCH! Volume 6, Number 1 Page 2

sensitive information only on secure websites. Look for addresses that begin with https:// and check for the yellow security lock icon at the bottom of your browser window. More information: http://www.microsoft.com/protect/computer/advanced/browsing.mspx http://news.cnet.com/8301-13880_3-9896427-68.html http://www.microsoft.com/protect/yourself/phishing/spoof.mspx

g. Back up your data. Here is a simple, basic backup plan. Plug a good-sized, formatted, blank thumb drive (or “USB stick”) into your computer. Double click on it and open a directory. As you work on your latest project and it comes time to take a break, save your work, close those crucial files, and drag copy them into the directory of the thumb drive. The more important your project is and the closer you get to the deadline, the more often you should pause to make a copy of your crucial files. The more often you backup, the less you stand you lose. After you’ve made a backup by whatever means, check to make sure that the copies are complete and that they work. At the office, check with IT about using a thumb drive. Some organizations do not allow them. h. Protect sensitive information, especially when you use a public computer. It’s best to avoid typing your credit card number, or other financial or sensitive information into any public computer, but sometimes you can’t avoid it. Don’t save your logon informa- tion. Don't leave a public computer unattended with sensitive information on the screen. Web browsers keep a record of your passwords and every page you visit, even after you’ve closed them and logged out. Learn how to erase your tracks. Watch for over-the- shoulder snoops. More information: http://www.microsoft.com/protect/yourself/mobile/publicpc.mspx http://support.mozilla.com/en-US/kb/Clearing+Private+Data http://www.usyd.edu.au/ict/switch/troubleshooting/cache.shtml#safari

i. Be careful with wireless networks. Secure your own wireless network by enabling and using wireless encryption that scrambles the data transmitted between your PC and your wireless router. Check your WAP (wireless access point) to find out what kinds of encryption it can provide. Out of the box, the encryption on most WAP’s will be shut off. The most effective encryption is WPA2 (Wireless Protected Access version 2). Use a strong password for your WPA2 encryption key. Before you connect to someone else’s wireless network, make sure it's a legitimate hotspot: Nefarious types have been known to set up pirate WAP’s with familiar names like "wayport" or "t-mobile," and then use them to capture passwords and other private data. Verify that your two-way software firewall is turned on, and that filesharing is off. Always turn your Wi-Fi networking off when you're not at a hotspot. More information: http://www.pcworld.com/article/130330/how_to_secure_your_wireless_network.html http://arstechnica.com/guides/tweaks/wireless-security.ars

j. Know your limits, and when you reach them, get expert advice. Not sure what the error message means? Don’t know why you got that pop-up? Puzzled because a familiar website has asked you for a password or other sensitive information unexpectedly? Not sure whether or not you should allow that program to access the Internet? Ask before you do the wrong thing. Contact your network administrator, IT Help Desk, your computer

SANS OUCH! Volume 6, Number 1 Page 3

manufacturer’s technical support department, your Internet Service Provider (ISP), or a trusted computer consultant.

3. Scams and Hoaxes

Nigerian “419” Scam Meets the FBI. Consumers continue to be inundated by emails purportedly from the FBI. Many of the emails currently in circulation claim to be an “official order” from the FBI’s Anti-Terrorist and Monetary Crimes Division, from an alleged FBI unit in Nigeria, confirming an inheritance, or containing a lottery notification millions of dollars. Recipients are instructed to furnish personally identifiable information (PII) and are often threatened with some type of penalty, such as prosecution, if they fail to do so. But these emails are scams, are not from the FBI, nor does the FBI ever send unsolicited emails of this nature. More information: http://www.fbi.gov/cyberinvest/escams.htm

Airline Ticket Scam. This email scam targets holiday travelers. Recipients get a .zip file attached to a message about an airline ticket and an ominous mention of a credit card balance. It appears to come from legitimate major airlines including Delta, JetBlue, Continental, American Airlines and Virgin America. This .zip attachment appears to contain a purchase invoice and flight ticket. But if you open the attachment, malicious code may be installed on your system. More information: http://blogs.zdnet.com/security/?p=2299

IRS Phishing Scam Targets US Immigrants. The Internal Revenue Service is warning taxpayers not to respond to a mass email phishing scam, which appears to target immigrants. The emails, purporting to come from "[email protected]," include attached fake forms that ask unwitting taxpayers to fax in personal bank account numbers. The e- mail may have a cover letter from a person identifying herself as IRS public relations employee Laura Stevens, who instructs recipients to fill out the attached W-4100B2 form. The attached form W-4100B2 does not exist but is similar to the IRS' W8-BEN form. The form requests such information as the person's birth date, Social Security number, mailing address, bank account number and signature. The IRS never contacts taxpayers by email. More information: http://www.zimbio.com/Exposing+Scams/articles/1020/IRS+Warns+Phishing+Scam+Ta rgeting+Immigrants

4. Microsoft and Apple Security Updates

Microsoft and Apple provide free security updates for their software products. Windows: Microsoft issues patches for all Microsoft products on the second Tuesday of each month as well as out-of-cycle patches on any day of the month. The next scheduled release date is January 13th. Check manually too, once every two weeks, to make sure all of the updates have been installed. More information: http://www.microsoft.com/athome/security/default.mspx OS X: Updates are issued frequently, and their contents may differ depending on which processor is in your Mac (PPC or ).

SANS OUCH! Volume 6, Number 1 Page 4

More information: http://www.apple.com/support/downloads/ iPhones: Must be updated manually: http://docs.info.apple.com/article.html?artnum=305744

********************* Copyright 2009, SANS Institute (http://www.sans.org) Editorial Board: Bill Wyman, Alan Reichert, John York, Barbara Rietveld, Alan Paller. Permission is hereby granted for any person to redistribute this in whole or in part to any other persons as long as the distribution is not being made as part of any commercial service or as part of a promotion or marketing effort for any commercial service or product. We request that redistributions include attribution for the source of the material. Readers are invited to subscribe for free at https://www.sans.org/newsletters/ouch.

SANS OUCH! Volume 6, Number 1 Page 5