« Eloquence: Making a Bunny Run Elsewhere | Main | HP to surf legacy OS onto new platform »

January 10, 2014

Another Window is flung open to malware

HP continues to flog its customers off of Windows XP, reminding everybody that April 15 is the end of security updates for Microsoft's equivalent of MPE/iX. That's similar as in "designed more than a decade ago, still doing useful work, and not broken in many places." We spoke with Dave Elward of Taurus Software this week -- he's got an interesting project he's been doing on the history of HP 2000, one we'll cover next week. Elward pointed out most of his development these days is in Windows. The latest is Windows Server 2012, "the complement to Windows 8."

"For the most part, I work in Windows XP," Elward said. He's beyond brilliant in his understanding of the relative operations and virtues of environments. His first major product for the market was Chameleon, software that made HP 3000s use the new RISC-based UI, even when the 3000s were running MPE V. Chameleon let customers emulate the then-new PA-RISC HP 3000 operating system on Classic MPE V.

When someone as thorough as Elward is using an OS that HP seems to be exiting, it might be proof that security doesn't rely exclusively on software updates. Plenty of damage can be done through Windows via phished emails. The latest scheme involves sending email that purports to confirm an airline flight, or track a package from an online retailer. Our resident security expert Steve Hardwick explains how it's done, and what might be done to keep a Windows system from the latest malware infection.

By Steve Hardwick

I was recently asked to help out a colleague who had inadvertently opened an email containing malware. The email was a false notification of an order that had not been placed. Inside the email, a link led the unsuspecting user to a site that downloaded the first part of the virus. Fortunately at that point, the user knew something was amiss and called me. We are able to get rid of the virus, mainly due to the fact he had already taken good security precautions. Ironically, two days later, I received a notification email myself regarding airline tickets I did not purchase. This one included a Windows executable attachment. Since I was using my Ubuntu Linux desktop, it was easy to detect and no threat. All the same, it shows that there has been a wave of attacks out there taking advantage of seasonal behavior.

This method of attack is not new. In fact UPS has a list of examples of false emails on their website. The reason that these emails are more of a threat is that they get blended in with an unusual number of real ones. When people at Christmas order more on-line shipments and plane tickets, it allows the hacker to use this tactic more effectively. The other danger is that new viruses can be used as part of the attack. In the case of my colleague, the virus had only been identified a couple of days before he got it. Most of the AntiVirus, or A/V, software packages had not developed a detection update for it yet, This type of attack is commonly called a “Zero Day” virus infection. If the A/V cannot detect a virus, what can you do to mitigate this threat?

There are several things you can do to protect your system against Zero Day attacks prior to any infection. Here is a list of actions that you can use.

1. Keep all software up to date. Viruses attack weaknesses in the code. Vendors provide software updates, or patches, to close the holes that are in there. Keeping the operating systems and all applications, including your browser, up to date can help prevent viruses from exploiting the software weaknesses. In many cases, these updates are automatic if the updater is enabled.

2. Save your data. There are a lot of services available now to be able to save information in the cloud. By backing up the information you can always make sure that your data is safe when any repairs are made to remove the virus. Further, some viruses are designed to attack your data directly. Called Data Hostaging or Ransomware, these viruses encrypt all of the data and then you have to pay to get the encryption key to retrieve your data.

3. For Microsoft Windows the concept of a System Restore point was introduced. This allows the user to restore a system back to a previously captured system configuration. It is very useful if you are infected with a Zero Day virus. Not only will it remove any infected program files, it will also clean out any changes made to the registry.

Many viruses operate as a two part system. First the payload is downloaded and then the nasty part of the virus is loaded on re-boot using a registry change. A system restore will prevent the reboot portion of the virus from infecting your machine by providing a clean registry. A word of caution: if the system restore is created when the machine is infected, then the restore will also restore the infected files. You will need to replace the System Restore point with a clean version of the operating system.

The other alternative is to prevent getting the virus in the first place. Here are some tips that will help prevent downloading a virus.

1. Attachments: In many cases the company sending you a notification will not place an attachment to an email. An executable attachment will definitely not be sent out. So think twice before clicking on any email attachment. In fact many email programs will block executable attachments by default.

2. Check the link address in any email (normally you can just mouse over the email and see the URL -- but this will depend on your email application). Many people are easily fooled with malicious email addresses. Things like amazon.somesite.com look like they are a valid Amazon web site. However, the website owner is really somesite.com. Another easy trick is to use www.amaz0n.com (a zero in place of the “o”).  Easy to spot if lower case, but how does this look: WWW.AMAZ0N.COM. 

3. Use a website to check information instead of the email. When I got my email notification, I went to the airline website and entered the verification code in the email. The site told me it was an invalid verification code. By manually entering the site address, you are going to a site you know to be safe.

4. When you are planning to do a lot of on-line shopping, it is a good time to make sure your programs (including your email application) and your anti-virus are up to date,

The information is really just the tip of the iceberg when it comes to the topic of safe computing. There are some excellent sites out there that will give you some more information on how to deal with home computer security. Here are two of my favorites.

1. Originally started by Carnegie Mellon, the US Computer Emergency Response Team - US-CERT - site is a good one stop shop for information security information. The “Tips” page gives a compendium of topics on computer security. These are easy to read and cover a wide range of security topic

2. The Anti-Phishing Working Group provides a good page on steps to avoid phishing scams. There is also a lot of additional information on their site about phishing attacks and the work going on to stop them.

Hopefully the tips in this article and those I have referenced will help you avoid any nasty email surprises. By the way, my colleague had all of his data backed up and had a recent system restore point. He also detected that a file had been created which he did not recognize. So he came off unscathed from his brush with a Zero Day threat.

07:02 PM in Migration, Newsmakers | Permalink

Bookmark and Share

No more trying to figure out what runs on
MPE/iX or where to find it. No more worrying
about availability! www.MPE-OpenSource.org
is all things MPE/iX: Open Source packages,
freeware, scripting, plus loads of tools
and information to keep your 3000 system
alive and thriving!

Comments

Comments

The comments to this entry are closed.