Category: Cyber Security

How to Secure Your PC from Being a Part of Botnet

The recent Mariposa scam, which revealed the compromise of 12.7 million computers, shows the extent and severity of the botnet problem. Mariposa is only one of them; there are many more such botnets like Conficker, Kraken, Srizbi, Zeus, Zdbot, etc., which have compromised millions of computers connected to the internet today. And these in turn are actively trying to infect more and more computers every day. An article from the BBC saying that up to a quarter of PCs connected online are part of botnets tells us how grave the situation is.

Basics about Bots and Botnets
The term bot is derived from the word robot. A computer system is first infected by a Trojan or similar malware; then the hackers, who are the creators of this malware, take over control of the system and operate it remotely for their own use. Since the infected computers obey the hacker's commands, they are also called bots or zombies.

A single bot is of not much use to the hacker. Thus, he first tries to increase the number of zombies by spreading the malware via the infected PC. The network of bots grows and forms a botnet. A typical botnet contains a few hundred or a couple of thousand computers. However, there are a few botnets that contain millions of infected PCs, all of them serving the key master: the creator of the botnet.

How/where are they used?
The primary risk of having a PC turned into a bot is that all your confidential information (bank accounts, credit card numbers, passwords, financial information or any such sensitive data) becomes available for the hacker to exploit. Bots also send spam, viruses and spyware to other computers on the internet in order to spread their botnet. These are automated processes and do not require commands from the hacker each and every time.

Botnets are also used to perform other tasks online such as sending email spam, click fraud, spamdexing, launching denial-of-service (DoS) attacks, fast flux, access number replacements, etc.

How to check if your PC is a part of botnet
Your PC's internet connection turning inexplicably slow, either while browsing or while checking mail, can be a symptom of botnet infection. The malware used in botnet infections is specially designed to hide itself even while carrying out its automated tasks. Thus, it is sometimes hard to trace it down even with an antivirus installed on your PC. However, Prevx suggests a small technique with which you can check if your PC is part of a botnet when your internet becomes slow. The process is as follows:

  1. Close all your browsers and email software (like Thunderbird, Outlook, etc.)
  2. Open Task Manager: press CTRL+ALT+DEL together and then select Task Manager from the window.
  3. Open the Networking tab and observe the graph or the Network Utilization percentage below the graph. If it shows a higher percentage than usual, it might indicate that your PC is infected.

If the above is true in your case, the next steps are:

  • Immediately disconnect from the internet by pulling out the LAN cable.
  • Use a rescue disk (like the Norton Antivirus rescue disk) and scan your computer thoroughly.
  • Replace your antivirus immediately with a superior one and run a thorough scan (because it is already proven that the existing one is ineffective).
  • Reconnect the PC to the internet and update MS Windows, the antivirus database, your browser, Adobe Reader, and other vulnerable applications installed on your PC.


Ideal NTFS Formatting in Windows

The advanced features of NTFS (New Technology File System), like recoverability in the event of a system failure, file compression, security controls for files, EFS (Encrypting File System), disk space quota management, etc., have made it preferable over the FAT file system. Except in situations like a multiple-boot configuration, NTFS is the ideal file system to use for your hard drive.

Before Formatting an NTFS volume
For better performance of your NTFS volume it is essential to evaluate which types of files will be stored on the volume and how big they will be. This decides whether to use the default cluster size for the NTFS partition or configure it manually. Clusters are the units in which a file system allocates space to files. Choosing an ideal cluster size not only saves disk space but also improves the performance of the volume.

Choosing a Cluster size
The default cluster sizes used by NTFS formatting in Windows NT/2000/XP are as follows:

Size of Logical Volume (Drive Size)    Default Cluster Size
< 512 MB                               512 bytes
> 512 MB to 1 GB                       1 KB
> 1 GB to 2 GB                         2 KB
> 2 GB *                               4 KB

* Volumes greater than 2 TB are not supported in Windows NT due to limitations of the MBR.

A manually formatted partition can be assigned a cluster size of 512 bytes, 1 KB, 2 KB, 4 KB, 8 KB, 16 KB, 32 KB or 64 KB. However, a cluster size larger than 4 KB does not support compression on the volume (you might have noticed that the default cluster size never exceeds 4 KB in the above table).

If you are going to use your HDD for saving regular working documents like xls, doc, etc., it is good to use a small cluster size so that disk space is not wasted. However, if you will be saving large multimedia files, then it is better to use a large cluster size. This will help improve the performance of the logical volume.
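The trade-off described above can be made concrete with a small calculation. The following is an added example, not code from the original post: it encodes the default cluster table, the 4 KB compression limit, and computes how much allocated-but-unused space (slack) a set of files would leave at each candidate cluster size. The sample file sizes are constructed for illustration.

```python
import math

MB = 1024 ** 2

# Default NTFS cluster size by volume size (Windows NT/2000/XP), from the table
# above: (upper bound of the volume size in bytes, cluster size in bytes).
# Anything larger than the last bound gets 4 KB clusters.
DEFAULT_CLUSTERS = [
    (512 * MB, 512),      # up to 512 MB        -> 512 bytes
    (1024 * MB, 1024),    # > 512 MB up to 1 GB -> 1 KB
    (2048 * MB, 2048),    # > 1 GB up to 2 GB   -> 2 KB
]

# NTFS compression is only available with clusters of 4 KB or less.
MAX_COMPRESSIBLE_CLUSTER = 4096

# Cluster sizes a manual format may choose.
MANUAL_CLUSTERS = (512, 1024, 2048, 4096, 8192, 16384, 32768, 65536)


def default_cluster_size(volume_bytes: int) -> int:
    """Cluster size Windows would pick for a volume of this size."""
    for upper, cluster in DEFAULT_CLUSTERS:
        if volume_bytes <= upper:
            return cluster
    return 4096


def supports_compression(cluster_bytes: int) -> bool:
    return cluster_bytes <= MAX_COMPRESSIBLE_CLUSTER


def slack_bytes(file_sizes, cluster_bytes: int) -> int:
    """Space allocated but not used: every file occupies whole clusters,
    so the last cluster of each file is partly empty."""
    allocated = sum(math.ceil(size / cluster_bytes) * cluster_bytes
                    for size in file_sizes)
    return allocated - sum(file_sizes)


def compare_cluster_sizes(file_sizes, candidates=MANUAL_CLUSTERS):
    """Map each candidate cluster size to (slack bytes, compression allowed)."""
    return {c: (slack_bytes(file_sizes, c), supports_compression(c))
            for c in candidates}


if __name__ == "__main__":
    # Constructed samples: a handful of office documents versus one large video.
    office_docs = [12_000, 45_678, 3_500, 88_000, 20_480]
    media = [1_500_000_000]
    for label, files in (("office documents", office_docs), ("multimedia", media)):
        print(label)
        for cluster, (slack, comp) in compare_cluster_sizes(files).items():
            print(f"  {cluster:>6} B clusters: {slack:>8} B slack, "
                  f"compression={'yes' if comp else 'no'}")
```

Running it shows the slack for small documents growing with cluster size while a single large file wastes at most one cluster whatever the size, which is the reason behind the recommendation above.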

Maximum sizes in NTFS
NTFS has certain limits for file size, volume size and number of files per volume. The limits, according to Microsoft, are as follows:

  • The maximum size of an NTFS volume is 256 terabytes minus 64 KB (thus, even a PC with 1 TB of disk space can be formatted into a single NTFS volume without any issues).
  • The maximum size of a file you can store on an NTFS volume is 16 terabytes minus 64 KB.
  • The maximum number of files you can store on an NTFS volume is 4,294,967,295. However, if the number of files exceeds 300,000, it is recommended to disable automatic short-file-name generation (use this link to find the procedure). This will speed up file and folder access on the system.


Hackers who created botnet with 12.7 million computers busted

Spanish police, working with the FBI and other police forces, have arrested three suspects for running the world's biggest computer hacking scam through a bot network called Mariposa.

This is a crucial win for security experts over hackers and a relief to the millions of people who use the internet every day. The Mariposa botnet is spread across 190 countries, infecting over 12.7 million computers. These range from computers of US Fortune 1000 companies to computers of major banks. Spanish police reported the recovery of details like bank account details, credit card numbers, usernames, passwords, etc., of over 800,000 people. The amount of loss due to this botnet is yet to be determined.

Mariposa is the Spanish word for butterfly. It was announced as a new botnet by Defence Intelligence in May 2009. This bot is known to spread through critical vulnerabilities in Internet Explorer as well as contaminated USB sticks. It is very hard to catch the creators of a botnet as these criminals operate by disguising the source of their internet traffic or through an infected computer (called a zombie) belonging to another person. It seems that a blunder made by one of the operators of Mariposa, forgetting to conceal their IP address, is what helped the Spanish police catch this gang.

The infected computers still remain tainted. The worst part is that most of the owners are still not aware that their computer is part of a botnet. Use a reliable, robust and updated antivirus solution on your PC to detect any traces of botnet malware.

Read more about Botnet and PC security here.

Why Internet is Wild West Today?

Today almost every user browsing the internet is at risk. The increase in threats related to social networking sites, banking security, botnets, and attacks targeting users, businesses, and even applications has made the internet a risky landscape. Many industry consultants and analysts refer to the internet as the ‘Wild West’ because of its huge insecurity, where nobody and no website can be trusted. Every year, cyber crime costs billions of dollars in repairing systems hit by attacks and in lost productivity because of disruptions. According to the Federal Bureau of Investigation (FBI), consumers and businesses lost $5.8 billion in 2009 due to cyber crime.

Risks increased exponentially
Today, a user is more likely to be affected by cyber threats through browsing, searching or merely visiting legitimate sites than at any earlier point in the internet's history. Malicious web links are sprouting at a rapid pace. According to the CA Internet Security Business Unit (ISBU), 78% of threats came from online interaction during the first six months of 2009. IBM's ‘X-Force 2009 Mid-Year Trend and Risk Report’ states that there was a more than 500% increase in new malicious web links in the first six months of 2009. Vulnerability to these threats seems to have reached its peak. In the first half of 2009 alone, nearly 3,240 new vulnerabilities were discovered.

New threats
With the evolution of web-based communities and the explosion of internet services, users are spending more time online and engaging in social networking activities than ever before. This is resulting in new threats that exploit these services and communities. When a reputed website hosts third-party content, users often let down their guard while following hyperlinks in the third-party content or installing applications offered by it. Malware authors follow social networking buzz and the most popular activities online to attack users. They are always ready to exploit significant and popular news stories to trap netizens. Thus many people become victims of cyber traps.

The attackers are constantly upgrading their tools to attack unwary users. This criminal activity is constantly scaling new peaks. According to IBM, SQL injection attacks almost doubled from the first quarter to the second quarter of 2009. Through SQL injection attacks, malicious code is injected into genuine websites to infect their visitors.

For the past few years, botnets have been the primary tool of many cyber criminals. They are always a challenge for cyber security professionals as they are very difficult to track down. Botnets can launch almost every type of cyber attack, including data exfiltration, sophisticated espionage, and spam.

Targeted attacks
Although targeted attacks were rare earlier, they are seen often these days. Apart from common people, the top management of companies, governments, industries and even journalists are being targeted for private information. Email with malware attachments is the popular and preferred method for targeted attacks. According to CA (ISBU), 17% of infections are distributed through email. There is also an increase in attacks targeting client software using Adobe products, including Flash and Acrobat Reader.

Criminals are adopting more effective methods to target online banking systems. Trojans are the result of new tactics that go beyond the simple key-logging-with-screenshots efforts which prevailed earlier. CA (ISBU) reported that Trojans were the most common threat, representing 71% of total infections in the first half of 2009. When it comes to phishing, IBM says that 66% of phishing attacks targeted the financial industry and 31% targeted online payment in the first half of 2009.

Over the years, internet security issues have been growing. Initially, viruses were the only problem. Later, with the explosion of the internet, many newer threats evolved, increasing the security vulnerability: malicious domains or untrusted websites, and the presence of malicious content on trusted sites, including popular search engines, blogs, bulletin boards, personal websites, mainstream news sites and online magazines. Today you are in a high-risk zone as soon as you are online. It is always advisable to be alert while you are browsing.

How safe is a Remote Backup Service?

There are many service providers who offer online backup services. Some of them are Mozy, Citadel Remote Backup, SafeCopy Backup, Iron Mountain, ElephantDrive, Xdrive, Genie Online Backup, AT&T Online Vault, Carbonite, eSureIT and iBackup, to name only a few.

Remote backup services are mostly suitable for individuals and small businesses. However, anyone trying these services without good broadband connectivity and a high-performing system will for sure visit hell on earth.

In fact, many people and many companies have been relying on some of the services mentioned above. The security of backing up data online is also questioned when the services of even big companies like Google and Twitter are being hacked.

Many remote backup services, for example Mozy, encrypt the files that are to be backed up on your PC itself, so that they are not easily accessible even if someone steals them in the middle of the backup process. In addition, some services further scramble the already-encrypted data by sending it over an SSL connection. This is the same mechanism that is used by online merchants to move credit card information.

What if the data is accessed at the data centre by their employees? Well, there are some services that offer a remedy for this too. When they encrypt the data on your PC, the encryption key is supplied by you yourself, so that encrypting and decrypting can be done by none other than you.

However, certain precautions need to be taken before opting for a service.

  • Ensure that the service providers stand firm on their policies.
  • Use strong passwords or encryption keys for files that carry vital or sensitive data.
  • Try to add extra protection, like password-protecting your documents or using third-party applications to pre-encrypt your data.

Malware Lurks Within Pirated Versions of Popular Movie Downloads

Nowadays cyber criminals are using popular events, current developments and even movie premieres to attract people who seek free or pirated content, and then exploiting them.

A recent online scam which promises viewers a download of the recent “Twilight – New Moon” movie has been found to install malware on PCs.

The entire process of this scam is as follows:

  • Viewers are lured with text on websites, in chat rooms and on blogs that reads: “Watch New Moon Full Movie.” Comment posts with related keywords are also used at the same time to attract more search engine traffic.
  • Search results for the movie then link users to stolen images from the movie itself, convincing the fan that the movie is only one click away.
  • When they click on the “movie player” they are told to install a “streamviewer”.
  • The streamviewer, however, installs malware on the user's computer.

Don't get enticed by such scams into getting downloads without verifying whether the sources are genuine. It can turn out to be more hectic not only in terms of cost but also in terms of toil and time. And the entire accountability will fall upon none other than you.


Open Source Utility for Enhanced Password Security

With the increase of online banking, online email, online purchases, etc., there is a need for increased password security. If you are like the many people who use the same password for most sites, you are in trouble if your password gets hacked. You need to make your passwords complex and tough to crack and create a separate password for each account. Once you create a different complex password for each site, the problem is how to remember these passwords. The last thing you want to do is write the passwords down on paper or in a notebook and carry them in your wallet or purse.

KeePass is an open source utility that works on almost any platform, including your smartphone (clients are available for Windows, Ubuntu, Linux, Mac OS X, J2ME (cell phones), BlackBerry, Windows Mobile and more). You can store your passwords in a password-protected and encrypted database and use the passwords when needed. It will even generate a complex password for you. KeePass supports the Advanced Encryption Standard (AES, Rijndael) and the Twofish algorithms to encrypt its password databases. There are many plugins available that allow things like form filling, an on-screen keyboard, etc.

Click here for more information on KeePass.

KeePass demo screenshot


Technical Tips to Prevent Phishing

Many anti-phishing measures have been implemented in browsers till date, including features embedded in the browser, extensions or toolbars for the browser, and parts of website login procedures. Most websites that are targeted for phishing are secure, meaning that SSL with strong cryptography is used for server authentication. In principle, it should be possible to confirm the site using the SSL authentication, but in practice, it is easy to deceive the user.

The superficial flaw in the browser's security user interface (UI) is that it is insufficient to deal with today's strong threats. There are three parts to secure authentication: first, an indication that the connection is in authenticated mode; second, which site the user is connected to; and third, which authority says it is the site that it claims to be.

Secure Connection: The user easily misses the padlock that was the standard display for secure browsing from the mid-1990s to the mid-2000s. Mozilla introduced a yellow URL bar in 2005 as a better indication that the connection is secure. Unfortunately, this innovation was later reversed with the arrival of EV Certificates, which gave high-value certificates a green display and the rest a white display.

Which Site: The user is expected to be sure that the domain name in the browser's URL bar is in fact where they wanted to go. URLs can be too complex to parse, and users often do not know or recognise the URL they intend to go to, making the authentication meaningless. Many e-commerce sites change domain names within their overall set of websites, making it harder for the user to keep track. Also, simply displaying the domain name of the visited website, as some anti-phishing toolbars do, is insufficient.

Firefox offers an alternative: a pet name extension which lets users type in their own labels for websites, which they can recognise when they later return to the website. In addition, if the site is not recognised then the software warns the user or flags it outright. This represents user-centric identity management of the server. A graphical image selected by the user could be an even better identification.
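The pet name idea above, as a minimal model added here for illustration (this is not the Firefox extension's own code): it assumes a constructed store of user-chosen labels, uses Python's urllib.parse to recover the host the browser actually connects to from a long or confusing URL, and returns a warning when that exact host has no label.

```python
from urllib.parse import urlsplit

# Constructed pet-name store (assumption): hosts the user has already labelled.
PETNAMES = {
    "www.example-bank.com": "My Bank",
    "webmail.example.org": "Work mail",
}


def actual_host(url: str) -> str:
    """Return the host the browser will actually connect to.

    urlsplit().hostname drops the scheme, any user-info before '@', the port,
    path, query and fragment, and lower-cases the name. A trailing dot (a
    valid absolute DNS name) is removed so that lookups stay consistent.
    """
    host = urlsplit(url).hostname or ""
    return host.rstrip(".")


def petname_for(url: str, store=None):
    """Look the real host up in the pet-name store.

    Returns (host, label, status). Matching is exact: a lookalike host such as
    'www.example-bank.com.somewhere.example' is a different site and gets no
    label, which is the cue for the warning the text describes.
    """
    store = PETNAMES if store is None else store
    host = actual_host(url)
    label = store.get(host)
    status = "OK" if label else "WARNING: unrecognised site"
    return host, label, status


if __name__ == "__main__":
    # Constructed URLs: a labelled site with a long path, the same site written
    # oddly, and a lookalike host that merely starts with the familiar name.
    samples = [
        "https://www.example-bank.com/login?next=/accounts#top",
        "HTTPS://WWW.Example-Bank.COM.:443/",
        "https://www.example-bank.com.somewhere.example/login",
    ]
    for url in samples:
        print(petname_for(url))
```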

With the introduction of EV Certificates, browsers display the organisation's name in green, making it more visible and hopefully more consistent with the user's expectations. But browser vendors have limited this display to EV Certificates only, leaving the user groping in the dark for other certificates.

Who is the Authority: As far as the user is concerned, the browser is the authority at the simplest level, since no authority is stated at this stage. The current practice is for browser vendors to control a root list of acceptable CAs. The problem is that not all Certification Authorities (CAs) employ good or applicable checking. In addition, not all CAs subscribe to the same model and concept that certificates are only about authenticating websites or e-commerce organisations. Certificate manufacturing is the term given to low-value certificates that are issued on the strength of a credit card and an email confirmation, which can easily be perverted by fraudsters. Thus, a valid certificate issued by another CA may spoof a high-value site. This could happen because the CA is in another part of the world and is unfamiliar with high-value e-commerce sites. Since the CA is charged with protecting its own customers and not the customers of another CA, there is an inherent flaw in this model.

The solution to the above problem is for the browser to show, and the user to become familiar with, the name of the authority that issues the certificate. This projects the CA as a brand and lets the user come into contact with the handful of CAs in their country. The use of branding gives the CA an incentive to improve its checking, and the user would demand good checking for high-value sites.

This solution was put into action in early versions of IE7, which displayed the issuing CA when showing EV Certificates. Nevertheless, this turns out to be an isolated case. There is resistance to branding CAs on the chrome, resulting in a fallback to the simplest level above: the browser is the user's authority.