SECURITY

Surfing the Web
Surfing the Web Anonymously – Questions to Ask

When you surf the web it is possible to learn information about you even when you don't want to advertise who you are. This is true even if your system contains no virus or malware software. Specifically information that is easily available online includes your IP address, your country (and often more location information based on IP address), what computer system you are on, what browser you use, your browser history, and other information. It gets worse. People can get your computer's name and even find out your name if your machine supports programs like finger or identd. Also, cookies can track your habits as you move from machine to machine.

How do people get this basic information about you?

When you visit another web site, information about you can be retrieved. Basically, information is intercepted and used by others to track your Internet activities.

How do you stop this from happening?

First of all, it is possible to serf the web anonymously and thereby stop leaving a trail for others to find. Note that this is not fool-proof, but it makes it much harder for people to know who you are. There are products called anonymous proxy servers that help protect you. The anonymous proxy server replaces your Internet address for its own. This has the effect of hiding your IP address and making it much harder for people to track you.


How do I get an anonymous proxy server?

There are many vendors who sell anonymous proxy servers. There are also free proxy servers available to you. Two such products are ShadowSurf and Guardster. Guardster (http://www.guardster.com/) offers various services for anonymous and secure access to the web, some paid as well as a free service. ShadowSurf (http://www.shadowsurf.com/) ShadowSurf provides anonymous surfing at their site for free. Go to it and you will find a box to enter a URL that you want no one to track. There are many others, but here are two that are frequently used.

Another interesting product, given the recent news about the Google search engine filtering its findings for the Chinese government, is Anonymizer (http://www.anonymizer.com). This company, among others, recently (Feb 1st, 2006) pressed that it "is developing a new anti-censorship solution that will enable Chinese citizens to safely access the entire Internet filter-free" (http://www.anonymizer.com/consumer/media/press_releases/02012006.html).

Does an anonymous proxy server make you 100% safe?

No. Still, you are much better off if you use such technology.

What other things should I be concerned about when trying to keep my private information private?

Three other items come to mind when trying to keep your information private. First, you can use an encrypted connection to hide your surfing. This article does not go into detail on this, but search the web and you will find a lot of information on this. Secondly, delete cookies after each session. Third, you can configure your browser to remove JavaScript, Java, and active content. This actually leads to limitations, so you need to think about the cost/benefit of this course of action.


Website Security Rules of the Road
In 2004, online consumer spending was at a record $65.1 billion. More and more people are attracted to the ease of online shopping and are spending higher amounts. Unfortunately, the chances of becoming a victim of Internet fraud are also increasing. The Internet National Fraud Center Watch reported that the average loss to fraud victims for just the first six months of 2005 was $2,579. This is compared to the $895 average for all of 2004.
Complaints relating to general merchandise purchases (goods never received or misrepresented) accounted for 30% of Internet fraud complaints, and auction purchases (goods never received or misrepresented) topped the list at 44%.

While many e-commerce Websites are reputable and have taken the necessary safety precautions to protect you, it never hurts to always proceed cautiously. If you are making an online purchase consider these easy steps:

1. Use only one credit card, preferably with a low credit limit, when making online purchases. Avoid using an ATM or debit card.

2. Be wary of unsolicited offers by sellers. The Internet National Fraud Information Center Watch reported that email, as a method of contact by Internet scammers was up 22% in 2004.While the offer may be legitimate, spammers like to use this tactic to side-step reputable sites that provide consumer protection for online purchases.

3. Use only reputable e-commerce websites that list a street address and telephone number in case you need to contact them directly.

4. Read the website’s privacy policy. Some websites may reserve the right to sell/give your information to a third party. Check the document to see if they allow an opportunity to “opt-out” of receiving special offers from third-party vendors or for permission to share your personal information.

5. Check for a lock symbol in the status bar at the bottom of your Web browser window. Also, do not provide your personal information if the website address doesn’t start with “https” (a sign that the site is using a secure server).

6. Choose only verified sellers. Check to see if the vendor is a verified member of a reputable third party such as the Better Business Bureau, VeriSign, or Guardian eCommerce. These third-party sites help to ensure online consumers will be protected when shopping or conducting e-commerce transactions.

7. Check that the delivery date posted is reasonable. If you have not dealt with the vendor on a regular basis, be wary of any Website that states the shipment will be delayed 20 or more days. Delivery dates of 7-10 days are more common.

8. Keep a paper trail of all online transactions. Print out a hard copy of the transaction and keep it in a file for future reference.

9. Be wary of website offers that just sound too good to be true. The Internet is littered with get rich quick scams and false advertising claims. Investigate all claims thoroughly before proceeding.

10. If you do not receive what you paid for, and the vendor will not return your emails or calls, contact your state’s Department of Consumer Affairs for further assistance.
Trojan Horse
Trojan Horse….Greek Myth or Computer Nemesis?

We have all heard the term Trojan Horse, but what exactly is it? A Trojan Horse is a destructive program that masquerades as a harmless application. Unlike viruses, Trojan Horses do not replicate themselves, but they can be just as destructive. One of the most dangerous examples of a Trojan is a program that promises to rid your computer of viruses but instead introduces viruses into your computer.

The Trojan can be tricky. Who hasn’t been online and had an advertisement pop up claiming to be able to rid your computer of some nasty virus? Or, even more frightening, you receive an email that claims to be alerting you to a new virus that can threaten your computer. The sender promises to quickly eradicate, or protect, your computer from viruses if you simply download their “free”, attached software into your computer. You may be skeptical but the software looks legitimate and the company sounds reputable. You proceed to take them up on their offer and download the software. In doing so, you have just potentially exposed yourself to a massive headache and your computer to a laundry list of ailments.

When a Trojan is activated, numerous things can happen. Some Trojans are more annoying than malicious. Some of the less annoying Trojans may choose to change your desktop settings or add silly desktop icons. The more serious Trojans can erase or overwrite data on your computer, corrupt files, spread other malware such as viruses, spy on the user of a computer and secretly report data like browsing habits to other people, log keystrokes to steal information such as passwords and credit card numbers, phish for bank account details (which can be used for criminal activities), and even install a backdoor into your computer system so that they can come and go as they please.

To increase your odds of not encountering a Trojan, follow these guidelines.

1. Remain diligent
Trojans can infect your computer through rogue websites, instant messaging, and emails with attachments. Do not download anything into your computer unless you are 100 percent sure of its sender or source.

2. Ensure that your operating system is always up-to-date. If you are running a Microsoft Windows operating system, this is essential.

3. Install reliable anti-virus software. It is also important that you download any updates frequently to catch all new Trojan Horses, viruses, and worms. Be sure that the anti-virus program that you choose can also scan e-mails and files downloaded through the internet.

4. Consider installing a firewall. A firewall is a system that prevents unauthorized use and access to your computer. A firewall is not going to eliminate your computer virus problems, but when used in conjunction with regular operating system updates and reliable anti-virus software, it can provide additional security and protection for your computer.

Nothing can guarantee the security of your computer 100 percent. However, you can continue to improve your computer's security and decrease the possibility of infection by consistently following these guidelines.

Department of Defense Crackdown on Security
The top commander of the department of Defense network operations just ordered a crackdown on security. According to a recent article by NetworkWorld on January 16,2006, Lt. General Charles Croom is quoted as saying, “The attacks are coming from everywhere and they’re getting better.” His talk was the keynote address at the Department of Defense Cyber Crime Conference held on January 9 - 14, 2005 in Clearwater, Florida. The event is sponsored by the Defense Cyber Crime Center and the Joint Task Force. Over 500 computer crime specialists from the FBI and the military attended the event.
The crackdown was related to a recent arrest of a “Computer Virus Broker” named Jeanson James Ancheta. On further investigation, a Department of Justice press release from Nov 3rd, 2005 offered the following information on this incident, “In the first prosecution of its kind in the nation, a well-known member of the “botmaster underground” has been indicted on federal charges for profiting from the use of “botnets” – armies of computers that are under the control of the botmaster and are used to launch destructive attacks or to send huge quantities of spam across the Internet.
Jeanson James Ancheta, 20, of Downey, California, was arrested this morning by special agents with the Federal Bureau of Investigation. Ancheta was indicted yesterday in two separate conspiracies, as well as substantive charges of attempting to cause damage to protected computers, causing damage to computers used by the federal government in national defense, accessing protected computers without authorization to commit fraud and money laundering.”
The press release goes on to describe more details of this scheme that clearly show why the Deparment of Defense is so concerned (for more information go to: http://www.usdoj.gov/criminal/cybercrime/anchetaArrest.htm )
“Ancheta had become an affiliate of several different advertising service companies, and those companies paid him a commission based upon the number of installations. To avoid detection by network administrators, security analysts and law enforcement, Ancheta would vary the download times and rates of the adware installations. When companies hosting Ancheta’s adware servers discovered the malicious activity, Ancheta redirected his botnet armies to a different server he controlled to pick up adware. To generate the roughly $60,000 he received in advertising affiliate proceeds, Ancheta caused the surreptitious installation of adware on approximately 400,000 compromised computers. Ancheta used the advertising affiliate proceeds he earned to pay for, among other things, the multiple servers used to conduct his schemes.
Ancheta used programs powerful enough to cause the infection of computers at the Weapons Division of the United States Naval Air Warfare Center in China Lake, as well as computers belonging to the Defense Information Systems Agency, a component of the United States Department of Defense. Both networks are used exclusively by the federal government in furtherance of national defense. After being arrested this morning at the FBI Field Office in Los Angeles, Ancheta was transported to United States District Court in Los Angeles. It is unclear if he will make his initial court appearance this afternoon or tomorrow. Ancheta is charged with two counts of conspiracy, two counts of attempted transmission of code to a protected computer, two counts of transmission of code to a government computer, five counts of accessing a protected computer to commit fraud and five counts of money laundering. Count 17 of the indictment seeks the forfeiture of more than $60,000 in cash, a BMW automobile and computer equipment that the indictment alleges are the proceeds and instrumentalities of Ancheta’s illegal activity.”

Some recent news. Ancheta pleaded guilty to charges of conspiring to violate anti-spam and computer misuse laws, and fraud and will serve from 4-6 years in prison, under the plea agreement - plus heavy fines.

Spyware Beware
Spyware and Adware are not only an ever increasing nuisance for computer users everywhere, but also a booming industry. According to Webroot Software, Inc., the distribution of online advertisements through spyware and adware has become a $2 billion industry.

The aggressive advertising and spying tactics demonstrated by some of these programs, require an equally aggressive response from a seasoned eradicator. Sunbelt Software is such a company. A leader in Anti-Spyware, Anti-Spam, Network Security and System Management tools, they gave consistently remained on the cutting-edge of anti-spyware programming since 1994.

One of their more notable software applications is CounterSpy 1.5. CounterSpy is designed to detect and remove spyware that is already in your computer system. Additionally, it provides real-time protection while preventing browser hijacking and changes to your computer’s Registry.

Other notable features include:
• Detection and Removal of Tracking Cookies – while it is true that applications like Microsoft AntiSpyware Beta are free, they do not include the ability to detect and remove tracking cookies like CounterSpy does.
• History Cleaner - erases any traceable trails left on your computer as you surf the Internet.
• Secure File Eraser - a powerful deletion tool that can completely eliminate all files you want removed from your computer including images, music, movies and applications.
• PC Explorer - allows you a look into files and areas that are normally inconvenient to access, such as your startup programs, browser helper objects, and ActiveX programs that are being downloaded or used.
• Support for Older Operating Systems – includes Windows 98SE, Windows ME, and Windows NT.

Recommended by PC World, ConsumerSearch, and Dell, CounterSpy holds one of the highest effective ratings for spyware removal. It also received high marks from TopTenReviews (2006) for ease of use, customization/installation, and help/support. For only $19.95 per machine, users can receive a one year subscription with updates, upgrades, and technical support from real live humans. CounterSpy definitely provides ease of use and affordability for just about any computer user from the novice to the expert.

Computer Viruses that Come a Callin’
Every day new computer viruses are created to annoy us and to wreck havoc on our computer systems. Below are ten viruses currently cited as being the most prevalent in terms of being seen the most or in their ability to potentially cause damage. New viruses are created daily. This is by no means an all inclusive list. The best thing you can do is to remain vigilant, keep your anti-virus software updated, and stay aware of the current computer virus threats.

Virus: Trojan.Lodear
A Trojan horse that attempts to download remote files. It will inject a .dll file into the EXPLORER.EXE process causing system instability.

Virus: W32.Beagle.CO@mm
A mass-mailing worm that lowers security settings. It can delete security-related registry sub keys and may block access to security-related websites.

Virus: Backdoor.Zagaban

A Trojan horse that allows the compromised computer to be used as a covert proxy and which may degrade network performance.

Virus: W32/Netsky-P

A mass-mailing worm which spreads by emailing itself to addresses produced from files on the local drives.

Virus: W32/Mytob-GH

A mass-mailing worm and IRC backdoor Trojan for the Windows platform. Messages sent by this worm will have the subject chosen randomly from a list including titles such as: Notice of account limitation, Email Account Suspension, Security measures, Members Support, Important Notification.

Virus: W32/Mytob-EX

A mass-mailing worm and IRC backdoor Trojan similar in nature to W32-Mytob-GH. W32/Mytob-EX runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels. This virus spreads by sending itself to email attachments harvested from your email addresses.

Virus: W32/Mytob-AS, Mytob-BE, Mytob-C, and Mytob-ER

This family of worm variations possesses similar characteristics in terms of what they can do. They are mass-mailing worms with backdoor functionality that can be controlled through the Internet Relay Chat (IRC) network. Additionally, they can spread through email and through various operating system vulnerabilities such as the LSASS (MS04-011).

Virus: Zafi-D

A mass mailing worm and a peer-to-peer worm which copies itself to the Windows system folder with the filename Norton Update.exe. It can then create a number of files in the Windows system folder with filenames consisting of 8 random characters and a DLL extension. W32/Zafi-D copies itself to folders with names containing share, upload, or music as ICQ 2005a new!.exe or winamp 5.7 new!.exe. W32/Zafi-D will also display a fake error message box with the caption "CRC: 04F6Bh" and the text "Error in packed file!".

Virus: W32/Netsky-D

A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the LSASS (MS04-011) exploit.

Virus: W32/Zafi-B

A peer-to-peer (P2P) and email worm that will copy itself to the Windows system folder as a randomly named EXE file. This worm will test for the presence of an internet connection by attempting to connect to www.google.com or www.microsoft.com. A bilingual, worm with an attached Hungarian political text message box which translates to “We demand that the government accommodates the homeless, tightens up the penal code and VOTES FOR THE DEATH PENALTY to cut down the increasing crime. Jun. 2004, Pécs (SNAF Team)”