Porn Sites as Malware Distributors

Library, School, Church and Hotel Network Security

Want to avoid viruses, botnets and trojans in workplace computers? A key strategy is to prevent users from surfing to adult web pages. According to Chris Overton, VP at Cyberpatrol: “Pornography sites are one of the major distributors of viruses and other malware. To quote from the CyberSharks book we’re about to release, ‘Websites offering adult content are the single most significant security threat for Internet users, comprising 31 percent of dangerous websites. Adult and XXX sites account for the largest percentage of web sites from which viruses are spread. (Web of Trust, 2008)’ This means that companies can go a long way toward protecting their networks from malware simply by blocking pornographic sites. SiteSURV can provide this protection.”

–Ben Wright, advisor to Cyberpatrol

Schools & Businesses: Avoid Drive-by Downloads

Viruses Spread by Booby-Trapped Web Sites?

To distribute viruses, worms, trojans and other malware, hackers increasingly use drive-by-downloads.  They set up bogus web sites (often they trick search engines into linking to those sites), and then they infect PCs with bad code when unsuspecting visitors arrive (drive-by).

To thwart drive-by downloads, traditional anti-virus software tries to evaluate incoming code and stop the malware from causing damage after it arrives.  That strategy is less-than-perfect.

A newer strategy is to avoid visiting dangerous sites in the first place.  Cyberpatrol supports this strategy with an angle that is especially cost-effective for small-to-mid-sized enterprises (schools, churches, libraries, businesses, community centers).  Enterprise customers can use Cyberpatrol’s SiteSURV 4.0 to prevent users from browsing sites identified as malware spreaders.

Cyberpatrol’s web filtering is based on SiteCAT, a system that constantly crawls the web, categorizing sites according to their purpose. SiteCAT has been upgraded specifically to look for sites whose purpose is to deliver malware.

Cyberpatrol SiteSURV thus becomes a powerful enterprise weapon in the war against malware.

“In early June, we’ll be releasing SiteSURV 4.0,” says Chris Overton, Cyberpatrol’s VP of Research and Development. “This product takes advantage of our SiteCAT system to protect users from a broad range of online threats.  SiteSURV can typically be configured to protect an entire network in less than 15 minutes, and is extremely cost-effective when compared with other network-wide online security tools.  This new 4.0 version includes very flexible configuration options that will allow each organization to tailor the protection to its specific needs.  It also provides basic reporting features that allow a customer to see what SiteSURV is doing to protect its network.”

–Ben Wright, instructor on the law of electronic records and data security at the SANS Institute.

FaceBook & Myspace Identity Theft

Fake Buddy Requests Endanger Office Computers

Protect Education & Corporate PCs

A disturbing trend threatens the security of computers in small organizations like schools, libraries and businesses. Users of social networking sites (such as Myspace, FaceBook and Friendster) are receiving buddy or friend requests from the profiles of fictitious people, or people whose identity has been stolen.

According to “MessageLabs Intelligence: 2008 Annual Security Report,” the rogue profiles are concocted by hackers seeking to propagate spam, spread viruses or steal private information. “The buddy requests appear genuine as they originate from the real social networking site and consequently their headers [are] intact and correct.” Further, says the Report, the e-mail addresses associated with the fake profiles are real, though they were created by software that enables the hacker to create many outlaw e-mail accounts automatically, with little effort.

A fake profile may purport to belong to a celebrity, a real friend or even a reputable business person.

The goal of these deceptive buddy requests is to trick the victim into clicking on something unwittingly. The click may deliver spam to the victim, steal personal information or slip malware (like a virus) onto the victim’s personal computer. If the victim is operating from a network at an office or a school, the malware might infect not only the victim’s laptop, but other PCs on the network as well.

Hackers seek personal information about victims so that (among other things) they can manipulate the victims (“phishing them”) into trusting the hackers and disclosing passwords or downloading malware like botnet software. (A botnet is a robotized army of infected computers that does the hacker’s evil bidding.)

Social networks are exploding in popularity.  But they are relatively new computing environments, constantly adding new functionality.  As “Web 2.0,” they emphasize interaction among users and the sharing of multimedia content like video.

All this makes the social nets fertile ground for hackers and scammers. According to the MessageLabs Report, Web 2.0 “toolkits” now empower hackers easily to create boobytraps that look like appealing media but actually deliver something unexpected and sinister to the victim’s machine.

These dangers can motivate businesses and libraries to block, restrict or at least closely monitor social sites visited from their computers.  The Maryland General Assembly, for instance, has blocked Facebook and Myspace from its computers.

–Ben Wright

At the SANS Institute, Mr. Wright teaches IT administrators how to stay out of jail.

Screening Twitter from Work or School

Employees Wasting Time with Micro-blogs?

Twitter is popular, and if it is not blocked or forbidden, it can depress workplace productivity.  Twitter is a free service that broadcasts text messages (also known as updates or tweets) of up to 140 characters in length.  Twitter can be addictive, as readers can enjoy the distraction of reading each little instant message as it comes in.

Twitter supports multiple media for sending and receiving.  Users can exchange tweets by way of web pages, electronic mail or mobile (cell) phones (text, IM or SMS).

Responsible use of Twitter can help employees perform their jobs. For example, stockbrokers might use Twitter to keep abreast of the latest financial gossip.

But many employers or teachers may have little tolerance for Twitter within their domains.  Although employees or students may need access to Internet-connected computers, Twitter can be a nuisance.  Administrators therefore might adopt a policy that bans Twitter, and take technical steps to block it.  Technical measures might include the deployment of software that blocks certain URLs (such as twitter.com, tweetie.com, facebook.com, myspace.com, which support Twitter or its widgets).

Further, an administrator might use Internet monitoring software to discover which time-wasting sites users are visiting – the latest access points for Twitter and other worthless chat.
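The two measures above, sketched as an added example that is not part of the original post or of any Cyberpatrol product: a domain blocklist check that matches whole DNS labels (so subdomains are caught and look-alike names are not), applied to proxy log lines to count blocked-site requests per user. The log format, user names and sample entries are constructed assumptions.

```python
from collections import Counter
from urllib.parse import urlsplit

# Domains named in the post; a real deployment would load its own policy list.
BLOCKED_DOMAINS = {"twitter.com", "tweetie.com", "facebook.com", "myspace.com"}

def host_of(url):
    """Return the lowercased hostname of a URL, or '' if none can be parsed."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit treat "twitter.com/x" as host + path
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".").lower()  # drop the trailing dot of a fully qualified name

def is_blocked(url, blocked=BLOCKED_DOMAINS):
    """True if the host is a blocked domain or any subdomain of one."""
    labels = host_of(url).split(".")
    # Compare whole DNS labels so "nottwitter.com" does not match "twitter.com".
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

def blocked_hits(log_lines, blocked=BLOCKED_DOMAINS):
    """Count blocked-site requests per user from 'timestamp user url' lines."""
    hits = Counter()
    for line in log_lines:
        parts = line.split()
        if len(parts) == 3 and is_blocked(parts[2], blocked):
            hits[parts[1]] += 1
    return hits

# Constructed sample log (assumed format; not real product output).
SAMPLE_LOG = [
    "2009-04-14T09:01:12 alice http://twitter.com/home",
    "2009-04-14T09:01:40 bob http://www.example.org/news",
    "2009-04-14T09:02:03 alice https://M.Twitter.com./statuses",
    "2009-04-14T09:02:30 carol http://nottwitter.com/",
    "2009-04-14T09:03:10 bob http://apps.facebook.com/game",
    "2009-04-14T09:03:55 carol http://example.org/?ref=twitter.com",
]

if __name__ == "__main__":
    for user, count in sorted(blocked_hits(SAMPLE_LOG).items()):
        print(user, count)
```

Matching on the parsed hostname rather than on the raw URL string is what keeps a blocked name appearing in a path or query string from producing a false hit.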

An administrator who monitors computer usage is wise to warn users of that fact.

Update:  Popular services like Twitter inevitably attract the interest of hackers.  Some Twitter users contracted the StalkDaily virus.  For some employees there is no reason for them to be on Twitter at work.  Security is an additional reason to block the access of these employees to Twitter.

–Ben Wright

Mr. Wright teaches data security and e-mail records law at the SANS Institute.

Cyberbullying: School, Library or Church Legal Liability

Lawsuit for Harassment?

Cyberbullying could attract a lawsuit for a school or other educational institution. The Internet is the new medium for harassment. Churches, libraries, community centers (places with shared computers) and the like need to supervise electronic communication (text, instant message (IM), Facebook, Myspace, Youtube and other social network site chat) today as they have supervised hallways and playgrounds in the past.

States such as Arkansas, Iowa and Missouri are amending their anti-harassment laws to include cyberbullying.

Institutions like schools are at risk of liability if they are negligent about harassment.  Casey County, Kentucky, schools agreed to pay five students a total of $110,000 to settle a lawsuit for failing to deal with old-fashioned bullying.  A more modern version of that same lawsuit would involve (at least in part) harassment via electronic communication.

Now that computer communication is the norm, Internet monitoring grows more compulsory for teachers and administrators.

–Ben Wright – Instructor on Computer Law at the SANS Institute.

Mr. Wright maintains other blogs on Internet law

Guest Internet Access and Hostile Work Environment

Abuse by Patrons of Library, Church or Internet Café?

E-pornography is dangerous for any organization that provides others with openly-visible access to the Internet.  The organization’s employees might claim hostile work environment.  Just as employees can complain about the viewing habits of co-workers, they might complain about the habits of guests and patrons.

Guests and students at libraries, schools and churches (places with shared computers) can indeed endanger those organizations by accessing objectionable material.  For example, librarians at the Minneapolis Public Library complained that their rights were violated when patrons used library computers to view porn.  The Equal Employment Opportunity Commission agreed.   Then, after the employees sued in court, the Library settled, reportedly agreeing to pay employees $435,000 and agreeing to take steps, including possibly technical filters, to reduce the potential that librarians would be exposed to porn on account of activities by patrons.

Can’t an organization protect itself