Schools & Businesses: Avoid Drive-by Downloads

Viruses Spread by Booby-Trapped Web Sites?

To distribute viruses, worms, trojans and other malware, hackers increasingly use drive-by downloads.  They set up bogus web sites (often tricking search engines into linking to those sites), and then they infect PCs with bad code when unsuspecting visitors arrive (drive-by).

To thwart drive-by downloads, traditional anti-virus software tries to evaluate incoming code and stop the malware from causing damage after it arrives.  That strategy is less than perfect.

A newer strategy is to avoid visiting dangerous sites in the first place.  Cyberpatrol supports this strategy with an angle that is especially cost-effective for small-to-mid-sized enterprises (schools, churches, libraries, businesses, community centers).  Enterprise customers can use Cyberpatrol’s SiteSURV 4.0 to prevent users from browsing sites identified as malware spreaders.

Cyberpatrol’s web filtering is based on SiteCAT, a system that constantly crawls the web, categorizing sites according to their purpose.  SiteCAT has been upgraded specifically to look for sites whose purpose is to deliver malware.

Cyberpatrol SiteSURV thus becomes a powerful enterprise weapon in the war against malware.

“In early June, we’ll be releasing SiteSURV 4.0,” says Chris Overton, Cyberpatrol’s VP of Research and Development. “This product takes advantage of our SiteCAT system to protect users from a broad range of online threats.  SiteSURV can typically be configured to protect an entire network in less than 15 minutes, and is extremely cost-effective when compared with other network-wide online security tools.  This new 4.0 version includes very flexible configuration options that will allow each organization to tailor the protection to its specific needs.  It also provides basic reporting features that allow a customer to see what SiteSURV is doing to protect its network.”

–Ben Wright, instructor on the law of electronic records and data security at the SANS Institute.

FaceBook & Myspace Identity Theft

Fake Buddy Requests Endanger Office Computers

Protect Education & Corporate PCs

A disturbing trend threatens the security of computers in small organizations like schools, libraries and businesses. Users of social networking sites (such as Myspace, FaceBook and Friendster) are receiving buddy or friend requests from the profiles of fictitious people, or people whose identity has been stolen.

According to “MessageLabs Intelligence: 2008 Annual Security Report,” the rogue profiles are concocted by hackers seeking to propagate spam, spread viruses or steal private information. “The buddy requests appear genuine as they originate from the real social networking site and consequently their headers [are] intact and correct.” Further, says the Report, the e-mail addresses associated with the fake profiles are real, though they were created by software that lets the hacker set up many outlaw e-mail accounts automatically, with little effort.

A fake profile may purport to belong to a celebrity, a real friend or even a reputable business person.

The goal of these deceptive buddy requests is to trick the victim into clicking on something unwittingly. The click may deliver spam to the victim, steal personal information or slip malware (like a virus) onto the victim’s personal computer. If the victim is operating from a network at an office or a school, the malware might infect not only the victim’s laptop, but other PCs on the network as well.

Hackers seek personal information about victims so that (among other things) they can manipulate the victims (“phishing them”) into trusting the hackers and disclosing passwords or downloading malware like botnet software. (A botnet is a robotized army of infected computers that does the hacker’s evil bidding.)

Social networks are exploding in popularity.  But they are relatively new computing environments, constantly adding new functionality.  As “Web 2.0,” they emphasize interaction among users and the sharing of multimedia content like video.

All this makes the social nets fertile ground for hackers and scammers. According to the MessageLabs Report, Web 2.0 “toolkits” now make it easy for hackers to create booby traps that look like appealing media but actually deliver something unexpected and sinister to the victim’s machine.

These dangers can motivate businesses and libraries to block, restrict or at least closely monitor social sites visited from their computers.  The Maryland General Assembly, for instance, has blocked Facebook and Myspace from its computers.

–Ben Wright

At the SANS Institute, Mr. Wright teaches IT administrators how to stay out of jail.

Cyberbullying: School, Library or Church Legal Liability

Lawsuit for Harassment?

Cyberbullying could attract a lawsuit for a school or other educational institution. The Internet is the new medium for harassment. Churches, libraries, community centers (places with shared computers) and the like need to supervise electronic communication (text, instant message (IM), Facebook, Myspace, Youtube and other social network site chat) today as they have supervised hallways and playgrounds in the past.

States such as Arkansas, Iowa and Missouri are amending their anti-harassment laws to include cyberbullying.

Institutions like schools are at risk of liability if they are negligent about harassment.  Casey County, Kentucky, schools agreed to pay five students a total of $110,000 to settle a lawsuit for failing to deal with old-fashioned bullying.  A more modern version of that same lawsuit would involve (at least in part) harassment via electronic communication.

Now that computer communication is the norm, Internet monitoring grows more compulsory for teachers and administrators.

–Ben Wright – Instructor on Computer Law at the SANS Institute.

Mr. Wright maintains other blogs on Internet law

Guest Internet Access and Hostile Work Environment

Abuse by Patrons of Library, Church or Internet Café?

E-pornography is dangerous for any organization that provides others with openly-visible access to the Internet.  The organization’s employees might claim hostile work environment.  Just as employees can complain about the viewing habits of co-workers, they might complain about the habits of guests and patrons.

Guests and students at libraries, schools and churches (places with shared computers) can indeed endanger those organizations by accessing objectionable material.  For example, librarians at the Minneapolis Public Library complained that their rights were violated when patrons used library computers to view porn.  The Equal Employment Opportunity Commission agreed.   Then, after the employees sued in court, the Library settled, reportedly agreeing to pay employees $435,000 and agreeing to take steps, including possibly technical filters, to reduce the potential that librarians would be exposed to porn on account of activities by patrons.

Can’t an organization protect itself