Electric Company fear Mongering gone wrong!!

I saw that Ars Technica and SANS Internet Storm are talking about the electric company fear mongering. Here’s what Ars says:

It sounds like something straight out of Hollywood. Current and former US security officials have reported that foreign nations have penetrated the cybersecurity barriers surrounding the US electrical grid, water system, and even financial networks. Although no known attempts have been made to activate the booby traps said black hats left behind, such sleeper cells could activate suddenly during a war or crisis, plunging the nation into a disaster only Bruce Willis and that Mac dude could avert.

[Via Arstechnica]

This was posted today, with people asking the question: does the electric company have a virus or a worm? I don’t know, but these fears are coming from the Wall Street Journal:

WASHINGTON — Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

[Via Wall Street Journal]

Now let’s talk about this. It is being talked about on a friend’s podcast, The Caffination Podcast. This is where I figured we should talk about it. I think SANS Internet Storm says it better than I could:

One email stated that the power systems we have in place today are run by knobs and switches. Mostly built in the 70’s and 80’s, these power stations are mostly run by manual intervention. The power stations that _have_ been stood up since then, a couple of Nuclear Power stations, are federally regulated to not have any connections to anything, let alone the Internet.

Since this particular email comes from a very trusted source, I am inclined to believe this person. Is it possible that there ARE computers in power stations that are connected to the Internet? Yes, I am quite sure there are. However, is it possible that the computer or computers (if there are any) that actually CONTROL the power are connected to the internet, I tend to not believe that.

[Via Sans Internet Storm]

I agree with what SANS is saying, but I don’t think there is anything to worry about, because I think the computers that control electricity are not hard wired to be online. This means that if someone’s virus or worm gets on those computers, there is no way these viruses or worms could talk back to command and control. This is my theory, and I don’t work for the electric company, but I do think this is the most plausible way they are preventing this type of attack. The first tier, just like tech support, is for corporate and technicians to talk to each other over the intranet. The 2nd tier is the important computers that would control the electric process. I don’t know this for sure, but I think the 2nd tier would be used to isolate the computers from being accessed externally. Like I said before, I don’t work for the electric company, and this is all theory on how the electric company has this set up!! So you can take it with a grain of salt or come up with your own ideas.

Spam Messages go out with Fake Conficker Alerts

Sophos’ blog is reporting:

This past weekend, SophosLabs noticed a new “Conficker” theme in the content of these spam messages. Instead of saying there is a critical windows update that needs to be applied, they say that “your Internet company” believes you to be infected, and to click the link to scan your computer

[Via Sophos]

As in the previous post about fake anti-virus software sites trying to scare you into sending them free money, you should always be cautious when it comes to these sites that make you think you have a virus. Some things to consider when you visit sites that are claiming you have a virus:

  • Is this a true anti-virus company? If you’re unsure, you can always Google the company to help you determine whether this is a fake site.
  • You should also consider going to the real deal on anti-virus. There are several different companies that I know of off the top of my head, but it should always be one that is not a fly-by-night type of anti-virus company. The real companies have people and resources watching for the latest viruses and other malware.

According to Sophos, the malware site is detected as Mal/FakeAV-AH by their system. Remember, you don’t always have to buy anti-virus software; there are several good free versions out there that do a pretty good job at defending against a virus, Trojan, or computer worm. If you feel you might have a virus, you can do a free anti-virus scan to make sure you are not infected. I also suggest having a firewall installed if you have not done that yet; that will also greatly help prevent a virus or worm, but remember you are the last line of defense with malware!!

Securing your Windows Machines

After a long day at work, you sometimes feel like there isn’t much you want to talk about. Then this idea comes to me: why do people blog, and why do people talk about security?

I’ve come to realize something: I’m not one who grew up understanding bits from bytes. I grew up as any family does, fighting with my siblings.

Having been blogging the past few years, it seems like only yesterday that I started blogging. Cliche, I know, but still very much true. Most blogs do what they know; I aim to learn and teach each day I blog. Like days like this, when the world is pretty much quiet and the remnants of the Conficker worm die to a rumble.

So how do you secure your Windows Machine?

After a day-long battle with my wife’s system, I began to wonder if there is something I should do differently to prevent viruses and worms on her system. So I’ve groomed my knowledge base and come up with 5 good points when it comes to locking down your Windows machines:

  • Lock down your Router/Modem — Some people don’t know that having an insecure router with weak passwords is a way to get on another system. This can easily be prevented if the user takes some steps to prevent it. Although if a hacker wants to break your encryption and find your signal, there is really nothing you can do but try to prevent that.
  • Firewall and Anti-virus — Although I know people think I am a broken record, this will always be something I encourage for everyone who reads my blogs. I will never stop beating people over the head with this. Seeing the Conficker map tells me there are quite a few without an anti-virus or a firewall, which might have given someone a heads-up to find out whether they do or not!!
  • Disabling AutoRun — This can prevent a USB stick from installing software it shouldn’t. Remember, Microsoft has issued a statement on how to disable it for sure. Although I must say that Security Now episode 187 seems to talk about this really well, and about how to make sure you disable it the right way.
  • Make sure it is a Limited user account — Most people always run as administrator, when in fact that sometimes makes you more vulnerable to viruses, worms, and trojans. Any software you install as an administrator will automatically be given Administrator rights. That can be very bad when it comes to viruses and such.
  • Keep your System up to date — This is essential for people who want to prevent exploits from being used against them. Although if you’re like me and you want to make sure your software is up to date, some of that can be done with APPSNAP.

With these tips, your system can be a little safer. Just remember there is no perfect way to protect your systems 100%, only some of the time. The rest depends on you, because you’re the last layer of defense. Also, it isn’t a bad idea to back up your system from time to time.
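Three of the five points above (AutoRun, limited account, firewall) can be checked from a PowerShell prompt without changing anything. This is an added example, not part of the original post; the function names are made up for illustration, and the firewall check assumes Windows 8 or later, where `Get-NetFirewallProfile` exists.

```powershell
# Added example: read-only audit of three checklist items. It changes no settings.

function Get-AutoRunPolicy {
    # NoDriveTypeAutoRun is a bitmask of drive types; 0xFF covers every type.
    # A value under HKLM overrides the per-user value under HKCU.
    $key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $prop = Get-ItemProperty -Path "$hive\$key" -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($null -ne $prop) {
            $raw = $prop.NoDriveTypeAutoRun
            # Older tweaks store the value as REG_BINARY; the mask is the first byte.
            if ($raw -is [byte[]]) { $raw = $raw[0] }
            $value = [int]$raw
            return [pscustomobject]@{
                Source   = $hive
                Value    = '0x{0:X2}' -f $value
                Disabled = (($value -band 0xFF) -eq 0xFF)
            }
        }
    }
    # No policy value in either hive: Windows uses its built-in default.
    [pscustomobject]@{ Source = 'none'; Value = 'not set'; Disabled = $false }
}

function Test-ElevatedToken {
    # True when the current process token carries the Administrators group.
    # Under UAC, an administrator's normal (non-elevated) session reports False.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-DisabledFirewallProfile {
    # Names of the Domain/Private/Public profiles whose firewall is not enabled.
    Get-NetFirewallProfile | Where-Object { "$($_.Enabled)" -ne 'True' } |
        Select-Object -ExpandProperty Name
}

$autorun  = Get-AutoRunPolicy
$disabled = @(Get-DisabledFirewallProfile)
[pscustomobject]@{
    AutoRunDisabledAllDrives = $autorun.Disabled
    AutoRunPolicyValue       = "$($autorun.Value) ($($autorun.Source))"
    RunningWithAdminRights   = Test-ElevatedToken
    FirewallProfilesOff      = if ($disabled) { $disabled -join ', ' } else { 'none' }
} | Format-List
```

A healthy result for an everyday session is AutoRun disabled for all drives, no admin rights on the running token, and no firewall profiles switched off.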

Hackers Jump onto Power Point Exploits : KB969136

In my previous post, we talked about the Microsoft advisory for KB969136 and the exploit being in the wild. It looks like Trend Micro has published some new spam attempts to get users to open up the malware, so the attackers can deposit TROJ_PPDROP.AB onto their systems.

Trend Micro has some screenshots of the most common fake presentations, so you can see just how they try to get you to open the file.

Although these are some common tactics for attackers to use, such as nude pictures, Earth Hour, or celebrities without makeup, users who don’t normally use PPT should check the files out before loading them. You should also remember to save them to a file and scan them with your anti-virus software; it also wouldn’t hurt to have firewall software. It looks like these exploits try to connect to the internet, and you might be able to find out by the request from the firewall.

According to Internet Storm Center, the CVE placeholder for this is CVE-2009-0556, and it hasn’t become live yet. I do not think they will release that information until Microsoft gets a chance to patch the systems.

This would be a good time to remind IT staff and anyone who might use PowerPoint that they should not open anything they aren’t expecting, and even then they should verify with their IT staff that it is safe, until Microsoft issues a patch for this. I expect that if this becomes widely used, the patch will be released out of cycle or even in May’s Patch Tuesday. According to Microsoft, you could install the Microsoft Office Isolated Conversion Environment (MOICE), but it requires Office 2003 and Office 2007 systems. See Microsoft’s advisory for KB969136 for further instructions on how to use this workaround.

So it Is April 1, 2009 Now What?

So you survived the April Fools joke that most people were talking about. Are you more mindful of what a virus is and how to best defend against it? If not, let’s go back in the past and talk about some of the necessary programs:

  • If you haven’t already installed a free anti-virus, this would be the time to. Also install a firewall to better protect you.
  • Never install any software from an unknown site — This is most important. Even though they seem harmless enough, there are sites that have fake Adobe updates or even Flash updates that will install malware onto your system. So if you have any doubt, you should visit the main site, like Adobe.com, to check for updates.
  • If something scares you, count to ten — That is very useful when it comes to scareware sites that like to scare you into buying their fake anti-virus software that doesn’t do anything. I say count to ten because by the time you have, you will go looking for information on either that site or that warning and come to the conclusion it was scareware.
  • Don’t download untested software — This is good for those who like to look for programs that are too expensive to buy but that they want to have. Most of the time hackers like to use crackers to infect systems. Anything that is questionable can sometimes be infected with a virus, so you should stay away from all of them.
  • Apple’s OSX isn’t as secure as you may think — I hate when people say they are so glad to have a Mac, and yet it seems to be on the rise. The Macintosh operating system seems to be getting some attention from hackers, because there are more viruses and trojans being made for the Macintosh, so don’t get overconfident.

These are just a few steps to consider when dealing with viruses, trojans, and worms. It all depends on the end user to prevent this from happening. So if you want to protect your identity and system, you should consider using the right software. If you’re a Vista user, you should also make sure you’re not running as an Administrator; this will also protect you from getting infected.