Archive for the 'SysAdmins' Category

Sep 24 2007

MuZumbu

What is a typical intrusion scenario?

A typical scenario might be:

1. Information Gathering

An attacker will normally start by finding out as much information as possible about his target. At this point the attacker will want to be as stealthy as possible and will usually make use of less direct methods. Some of these methods include doing a whois lookup and DNS zone transfers, as well as normal browsing of websites to gather e-mail addresses and similar important information belonging to the target.

2. Further Information Gathering

In an attempt to gather more information an attacker will usually perform ping sweeps and port scans, and check web servers for vulnerable CGI scripts. The intruder will also check the versions of the applications and services running on your host, normally using banner grabbing techniques. Typically banner grabbing consists of connecting to a service (for example SMTP on port 25) and parsing the response. The response usually reveals the version of the application or a pattern that is typical of that application. A good IDS will catch some of this activity.

3. Attack!!

Having a list of possible loopholes, the intruder will start trying out different attacks on the system. He will, for example, try to launch the UNICODE attack if he has previously found out that the target has IIS installed. Apart from launching exploits for well-known vulnerable software, a typical attacker will also try to find misconfigured running services; for example, he will try to guess passwords for known users on the system.

4. Successful intrusion

After a successful intrusion, attackers will usually install their own backdoors on the system and delete log files in order to hide their tracks. They may install ‘toolkits’ such as rootkits that give them access, replace existing services with their own Trojan horses that have backdoor passwords, or create their own user accounts. System integrity checkers such as Tripwire have the task of detecting this kind of activity and alerting the administrator. From here an attacker will usually launch further attacks on other hosts, especially those that are trusted by the compromised machine.

5. Fun and profit

Different classes of system intruders have different goals. Some steal confidential information such as credit card numbers, passwords, etc., while others just use the compromised host to launch further attacks on other sites (such as DDoS attacks). A few others will just deface a website.

A growing trend is a different pattern of attack. Intruders are increasingly scanning random internet addresses looking for one specific hole or a small number of holes. For example, an intruder may scan for hosts that have port 80 open and run a misconfigured or unpatched IIS server. Attackers will make a list of the vulnerable hosts and then launch attacks against each one of them.


Mar 02 2007

MuZumbu

Stopping Keyloggers From Stealing Your Identity

Would you know a key logger if you saw one? Well, since you can’t see key loggers, I’m sure you don’t! OK, let me tell you about key loggers. Key loggers are invisible software programs that are used to track your online activity. Most importantly, they are being used more and more to steal your vital financial information, either to sell to criminals or to be used in the theft of your identity.

Finding a keylogger on your computer is next to impossible unless you have professional help in the form of an updated spyware removal software system. The real problem is that if you don’t know that a keylogger is tracking everything you do, then you won’t know when the little darlin’ has stolen your bank account passwords or your credit card numbers until a theft of your assets has been attempted. And you may only make the discovery after your assets have been raided and depleted.

When a keylogger is busily at work, you won’t even see your machine slow down or see anything peculiar happening. But visualize that the potential thief is standing right behind you watching and recording everything that you do on the machine.

I’m not sure where this statistic comes from, but it is said that more than one third of all online ID thefts can now be traced to keylogging. Unfortunately, keyloggers are easily found and acquired. They are cheap and available. Worse yet, they are perfectly legal in and of themselves.

There are perfectly legitimate reasons for employers to use key logger software to monitor employees’ use of computers at work, and for parents to monitor their children’s web browsing habits. But the corollary is that it is an easy way for a criminal to gain access to your valuable assets and plunder them. And the software itself is perfectly legal.

In view of the foregoing take steps immediately to protect yourself:

* Install respected anti-spyware software that not only scans your computer but also prevents unauthorized access

* Install a firewall

* Do not click on pop-ups

* Do not open spam email - when in doubt delete!

* Do not open e-mail attachments unless you are sure they come from a legitimate source for a legitimate purpose

* Make your passwords hard to crack and change them frequently

The keylogger situation is getting worse, not better. Don’t wait until your identity has been stolen. Get the protection you need now and stay alert. You have been warned!


Feb 28 2007

MuZumbu

The Enemy Within

Filed under Articles, SysAdmins

Malware is now a common plague of computers and has become more common than the conventional virus. In this article you will find explanations of the different types of malware, how to remove an infection, and how to prevent an infection in the first place.

What is Malware?

Malware is a malicious piece of software designed to damage your PC or spy on your computer activities without you knowing about it. What follows is a list of common types of malware and their descriptions.

Adware
Adware will hide on your computer and show pop-up windows containing adverts for various dubious products. This type of malware is more annoying than harmful.

Virus
A virus is designed to hide within other executable software and to become active when the host software is run. It will self-replicate and place copies of itself into other software or documents. This can cause an increasing infestation of your PC and all sorts of damage.

Worm
A worm will also make copies of itself, just like a virus, but can execute itself without the need for a host application. It will then send multiple copies of itself to other computers via the internet.

Ransomware
Ransomware is used to extort money from the computer owner by locking up important files on your computer. A message will be displayed demanding the appropriate ransom before access to the files is restored.

Trojan Horses
Trojan horses conceal their true identity by masquerading as, or hiding inside, legitimate software. They usually get onto your computer in some form of free software downloaded from the internet.

Spyware
Spyware is designed to monitor and record all of your keyboard activity, internet activity and personal details such as credit card numbers and passwords, and to send them over the internet to the spyware maker by e-mail.

Symptoms of an infected computer:

If your computer has shown a considerable reduction in speed it could be infected with malware; it may sometimes even appear to pause or hang. Another symptom is that Windows behaves erratically and becomes unstable. Malware will sometimes display pop-up windows at random. If you have a good antivirus program it should let you know of the presence of malware and offer to remove it for you.

How Does my Computer Get Infected?

Emails
If you receive any email from unknown or unexpected senders, make sure that you scan it with your anti-virus software before opening it, and if you have any doubts do not open it.

Websites
Browsing suspect websites can lead to infection, because the malware can be hidden as code in the web page itself.

Peer to Peer File Sharing Software
File sharing software enables the user to share illegally copied music, software and video, and is a common way to get infected. A lot of the files available on peer-to-peer networks have malware hidden within them or are not the files you were expecting at all.

Popup messages
Malware can often infect your computer through pop-ups or IP pop-ups. IP pop-ups can be sent straight to your computer’s IP address, bypassing pop-up blockers. These pop-ups are usually disguised as Windows error messages asking you to ‘click here’ to remedy the error. Clicking the button will execute the malware.

Instant Messaging Software
This may be a surprise to many of you, as instant messaging software is becoming very popular. Infection usually happens when sharing files with people, so be careful who you share files with.

Networks
All computers on a network are at risk of infection if one of those computers has malware on it. For that reason all networked computers must be protected by antivirus software and a firewall.

How to prevent Malware infection:

Use Internet Security Software
I advise all computer users to invest in good quality internet security software from companies such as Symantec and McAfee. It is not advisable to use free anti-virus software, as these don’t tend to be as effective and can also be malware disguised as anti-virus software. Whichever one you use, just make sure that you keep it regularly updated and remember to renew your yearly subscription. Remember, out-of-date anti-virus software is completely useless.

Use A Firewall
Windows XP and Vista both have a firewall built in, and you should have it switched on. If you have a good internet security program it will include a firewall, which should be used in preference to the Microsoft version.

Use Windows Update
You should use Windows Update on a regular basis to ensure that you have all the latest critical updates. Security holes in Windows are found often, and Microsoft makes patches for them available.

How To Remove Malware From Your Computer:

With any good internet security application, removing malware is a simple task. If you set it up to do so, it will remove malware automatically and then inform you once the offender has been dealt with.

A Final Word Of Caution:

You will be at a much higher risk of infection if you visit illegal or immoral websites. These sites tend to be set up and frequented by people who have no scruples and will think nothing of infecting your computer along with many others.
