Scanner in Your Pocket

You might come across public PCs that are infected with malware, and when you try to run a scan to remove it you find that you are logged in as a standard user without administrator rights. The administrator may not be around, so you give up or leave a note asking them to install an updated anti-malware product, which they may never act on. In other situations a friend calls to say their PC is infected and the malware cannot be removed, or that it stops the PC from booting at all. If you are interested in security, or you want to help other people with malware, it is useful to have a powerful malware scanner in your pocket at all times. You can do that with Windows Defender Offline. Creating a bootable scanner with this tool is easy and does not require any expertise. Before creating Windows Defender Offline media, keep these things in mind:

1. It will completely format your USB drive or external hard disk, so make sure the drive is empty or back up everything on it first, because all of its data will be deleted.

2. It will reformat the drive as NTFS and give it a new name. You can reformat it to any file system or rename it later by right-clicking the device and choosing Format.

3. It is recommended that you use the external device only for scanning and not to store personal data.

To create the scanner you need a USB drive, CD or DVD with at least 250MB of space. Insert it into your PC, visit the Windows Defender Offline website, download the tool to your PC and run it. You will see a screen like the one below:

(Screenshot: Create Windows Defender Offline)

Read the instructions to learn more, then press Next. The license agreement is shown; read it and press I accept. The tool then asks where to create the scanner: on a CD/DVD, on a USB flash drive, or as an ISO file that you burn to DVD later. Once you have completed these steps it builds the scanner and it is ready to use. If you created it on a USB drive you can always carry it in your pocket, and when you run into an infected PC that cannot boot, or malware that has taken over the operating system and will not let the anti-malware product run, just insert the USB drive, boot from it and run a full system scan to remove the infection. You should update the tool regularly: insert the USB drive, run the same tool you downloaded from the website to create it, and it will guide you through the update process. Now you have a scanner in your pocket that you can use to rescue infected PCs at any time.

The Cyberwar!!!

Most countries around the world have established new departments to protect themselves against cyberwar. In a cyberwar there are no rockets, bullets or guns; it is a war fought with computers as weapons. Strong national cyber-security is very important because most of the tools and weapons used by the military and national security agencies rely on computers and software. People's identities are stored in databases and captured with software. Rockets are launched and controlled with software. Most communication over mobile phones, satellites and so on is controlled and managed by software. Even electricity is controlled by software. If a group of people manages to break into one of these systems they can start a cyberwar, something worse than other wars. Imagine rockets developed by one country's Ministry of Defense being controlled by another country and used against their owners. In another scenario, attackers might shut down bank servers and freeze soldiers' salaries. Scary things can happen if a country does not have a strong cyber-security team. Technology makes a country powerful and helps it do things faster and smarter, but countries must also know how to protect their technology and their cyberspace against internal and external attacks. There are several best practices for a cyber-security team; some of them are as follows:

1. Never underestimate your enemy: Never let your guard down because you think you have the best of the best on your team. You do not know everything about your enemies, and they may have better people or a better strategy than you. Always prepare for the worst and do your best.

2. Check everything: Whether it is a small USB stick that an employee carries around or a large printer delivered to your office, check it thoroughly; there could be malware on the USB stick or embedded in the printer or other devices. Have a policy of checking everything, including hardware, the network and so on.

3. Trust is never 100%: Enemies will plant spies in your offices who try their best to gain your trust, and in other cases a fully trustworthy person can turn into a spy. Trust is never 100%; keep some doubt even about the most trustworthy people.

4. Change your processes: Change your processes at random and adopt new strategies for security and checking. If you stick to one policy for too long, others can work it out and counter it. The time at which you change policy should also be random and not guessable. For example, it is not a good idea to change policy on a fixed date or time, such as every year in March; it should be random, one year in March and the next in September, and so on. It should also not be predictable, such as a new policy always appearing after a management meeting.

5. Always stay up to date: Security is an ongoing process. Keep yourself and your team up to date with the latest technologies and learn about the latest cybercrime activity.

There are other best practices, and they can differ from one country to another depending on many factors, such as the national defense budget for cyber-security and the available resources. It is important for governments to invest in cyber-security to protect their countries.

Destroying Rootkits and Bootkits

Rootkits and bootkits are malware that infect the deepest parts of an operating system, such as the kernel or other core components. Fighting them is very challenging and difficult. In most cases they can take complete control of the anti-virus software and the operating system, so running an anti-virus scan will neither detect nor remove them, because they control the anti-virus software itself. This is an issue for every operating system, including Windows, Mac, Linux and others. Anti-virus software cannot detect them because they load before the operating system does. When you turn on your PC, a component known as the BIOS selects what to start from: the hard disk, a DVD/CD, the network or other sources. Rootkits and bootkits manipulate the part of the operating system that belongs to the boot process, and since that process happens before the operating system boots, the operating system cannot protect it. To detect bootkits and rootkits, anti-virus vendors have developed new engines that detect known ones, but unknown ones are very hard to detect. In some cases malware modifies the operating system and prevents it from booting, and the user cannot scan for malware simply because the operating system cannot load; until you can boot the operating system, you cannot scan. This challenge has been addressed by bootable scanners. The user downloads a bootable scanner, which is a scanning engine that removes malware (viruses, worms, trojans, spyware, rootkits and so on), and configures the BIOS to boot from it instead of the operating system. Because the scanner boots first, the rootkit or bootkit never gets to start; the scanner scans the PC for malware and removes it. Windows Defender Offline is an example of such a removal tool, and it is free.

If you use any of Microsoft's anti-malware products, such as Microsoft Security Essentials, System Center Endpoint Protection, Microsoft Forefront or Windows Intune, and a scan in Windows detects a possible rootkit or bootkit, it will ask you to download Windows Defender Offline and scan at boot time.

There were other challenges too: many people do not know how to change their BIOS settings to boot the scanner, and there was no effective way for the operating system to control the BIOS and enforce that the operating system is the one allowed to boot first. UEFI was the answer to these challenges. It replaces the BIOS, and the good thing about it is that the operating system can control the boot process. Windows 8 uses UEFI to control booting: it instructs UEFI to load only Windows components, trusted drivers and trusted software during the boot process, with everything else loading later. The anti-malware product is also the first thing to start when you boot a Windows 8 PC with UEFI. All suspect activity during the boot process can therefore be detected by the anti-malware software, and anything it finds suspicious can be quarantined, with a prompt to send it for analysis. This helps to detect unknown bootkits and rootkits, remove them and prevent them from taking part in the boot before the system starts.

If you are planning to buy a new PC, make sure it runs Windows 8 and that it supports UEFI.
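Two of the checks above can be scripted rather than done by eye: whether the PC actually booted through UEFI with Secure Boot (this section) and whether the resident anti-malware signatures are stale enough that the pocket scanner should be refreshed before use (the update advice in "Scanner in Your Pocket"). The following is an added example written for this page, not code from the original post or from Microsoft. It assumes Windows 8 or later for the built-in Confirm-SecureBootUEFI cmdlet, Windows 8.1 or later for the Defender module's Get-MpComputerStatus, an elevated PowerShell prompt, and a 7-day signature-age threshold that is this example's own choice.

```powershell
# Added example (not from the original post): report whether this PC booted
# via UEFI with Secure Boot, and how old the resident anti-malware signatures
# are, so you know whether the offline scanner media needs refreshing first.
# Assumes Windows 8+ (SecureBoot module), Windows 8.1+ (Defender module) and
# an elevated prompt. The 7-day threshold below is an assumption of this example.

function Get-BootProtectionStatus {
    $result = [ordered]@{
        Firmware           = 'Unknown'
        SecureBoot         = $false
        SignatureAgeDays   = $null
        RealTimeProtection = $null
    }

    # Confirm-SecureBootUEFI throws on a legacy-BIOS machine, which is itself
    # the answer: no UEFI, so no firmware-level control of the boot path.
    try {
        $result.SecureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop)
        $result.Firmware   = 'UEFI'
    } catch {
        $result.Firmware   = 'Legacy BIOS'
    }

    # Windows Defender exposes its signature age through Get-MpComputerStatus;
    # guard the call so the script still runs where the module is absent.
    if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        $status = Get-MpComputerStatus
        $result.SignatureAgeDays   = $status.AntivirusSignatureAge
        $result.RealTimeProtection = $status.RealTimeProtectionEnabled
    }

    [pscustomobject]$result
}

$s = Get-BootProtectionStatus
$s | Format-List

if ($s.Firmware -ne 'UEFI' -or -not $s.SecureBoot) {
    Write-Warning 'Boot path is not protected by UEFI Secure Boot; a bootkit could load before Windows does.'
}
if ($null -ne $s.SignatureAgeDays -and $s.SignatureAgeDays -gt 7) {
    Write-Warning "Anti-malware signatures are $($s.SignatureAgeDays) days old; run Update-MpSignature and rebuild the offline scanner media before relying on it."
}
```

Run it on a machine before you plug in the pocket scanner: a "Legacy BIOS" result tells you the boot order must be changed by hand in the BIOS, exactly the situation the section describes, while a large signature age tells you the media you built last month will miss newer malware until you update it.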

 

My Email Has Been Hacked!!!!

It can happen to anyone: someone or something gains access to your email. Your contact list may be exposed, email may be sent on your behalf to others or to your friends, and some of those emails may contain malware (viruses, worms, trojans, spyware and so on) that infects the recipient. You may be unable to log in to your own email, and many other bad things can happen. To prevent such incidents, let us discuss how someone could gain access to your account. One common way is with hacking tools: someone might use tools to discover a vulnerability in your system, or ask you to download a tool that gives them unauthorized access. Another scenario is a social engineering attack. For example, you might use the same password for your email as for other websites; if one of those websites is hacked your password is exposed, or the site itself could be a phishing site. Another case is writing your password down where someone can read it, or someone watching you type it, or recording you typing and slowing the video down to view later. It is also possible to find a password through the password recovery process: your security question might be "What is your favorite football team?", and many of your friends would know the answer. You might have written about your favorites or what you do on a website, given an interview to the press, or someone found your lost diary and learned your favorites from it, and then answered the recovery question. These methods have been around for many years and there have been several warnings about such incidents, yet every day many people report their accounts being hacked by these techniques.

If someone is trying to break into your account with software (it could be someone who knows you, or someone just looking for a target without knowing anything about them), you should keep your system protected. There are programs known as bots that search PCs at random, find vulnerabilities, use them to copy themselves onto the system, collect information such as usernames and passwords, send it to a server, or send unauthorized email from your account to all your contacts or to certain people. To protect yourself, update Windows and make sure you have anti-malware software and a firewall and that both are turned on. One easy way to check is to open Control Panel and then Windows Security Center (Windows XP and Windows Vista) or Action Center (Windows 7 and Windows 8), look at your security status, whether it is OK or at risk, and take action if needed (update Windows, install anti-malware, and so on). Beyond that, make sure all the other software on your PC is up to date; for example, if you use Java, make sure it is set to check for updates and install them all. These actions help a great deal and protect you against most email hacking. If you want a quick test for malware infection, run Microsoft Safety Scanner and make sure you run a full system scan. If it finds an infection, click on it and, if you have internet access, read the details, or write down the names and search for them later. Those details give you a good idea of what happened on your system; for example, they may explain that a particular piece of malware sends email on your behalf, and whether there is any other action you should take to fully remove it.

You should also think about password recovery: if you lose access to your email or it is hacked, how will you reset your password? If you use a security question, make sure the answer is known only to you and not something everyone knows. You can also configure other recovery methods, such as SMS, a trusted PC or another email address. Your password should be strong and not guessable. A strong password consists of a mix of uppercase letters (A-Z), lowercase letters (a-z), symbols (!, @, #, ...) and numbers (0-9), and is at least 7 to 8 characters long. Do not write your password down; make sure it is something only you know and can memorize. The password recovery question you chose is as important as the password itself and must not be guessable either.
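The password rules in the paragraph above can be turned into a check you run before committing to a new password. The function below is an added example written for this page, not code from the original post. It uses the page's own rules (uppercase, lowercase, number, symbol, mixed) with a minimum length of 8, the upper end of the post's "7 to 8" (an assumption of this example), and goes one step beyond the post by estimating the size of the space an attacker would have to search, in bits, from the character classes present. The three sample passwords are constructed for the demonstration.

```powershell
# Added example (not from the original post): check a candidate password
# against the rules given above and report which ones it fails.
# MinLength of 8 and the bit estimate are this example's own additions.

function Test-PasswordPolicy {
    param(
        [Parameter(Mandatory)][string]$Password,
        [int]$MinLength = 8
    )

    # Collect the rules the candidate does not meet (case-sensitive where it matters).
    $failed = @()
    if ($Password.Length -lt $MinLength)     { $failed += "at least $MinLength characters" }
    if ($Password -cnotmatch '[A-Z]')        { $failed += 'an uppercase letter (A-Z)' }
    if ($Password -cnotmatch '[a-z]')        { $failed += 'a lowercase letter (a-z)' }
    if ($Password -notmatch '[0-9]')         { $failed += 'a number (0-9)' }
    if ($Password -notmatch '[^A-Za-z0-9]')  { $failed += 'a symbol (! @ # ...)' }

    # Rough strength estimate: size of the character pool actually used,
    # raised to the length, expressed in bits. 32 approximates the printable
    # ASCII symbols (assumption).
    $pool = 0
    if ($Password -cmatch '[A-Z]')        { $pool += 26 }
    if ($Password -cmatch '[a-z]')        { $pool += 26 }
    if ($Password -match '[0-9]')         { $pool += 10 }
    if ($Password -match '[^A-Za-z0-9]')  { $pool += 32 }
    $bits = if ($pool -gt 0) { [math]::Round($Password.Length * [math]::Log($pool, 2), 1) } else { 0 }

    [pscustomobject]@{
        Password      = ('*' * $Password.Length)   # never echo the real value
        Acceptable    = ($failed.Count -eq 0)
        Missing       = ($failed -join '; ')
        EstimatedBits = $bits
    }
}

# Constructed sample inputs for the demonstration (not real passwords):
# the security-question answer itself, a lightly decorated version, and a mixed one.
'football', 'Football1', 'F00tb@ll!Club' |
    ForEach-Object { Test-PasswordPolicy -Password $_ } |
    Format-Table -AutoSize
```

The first sample fails four of the five rules and is also the kind of value a friend could guess from your security question; the second passes length but still lacks a symbol; only the third meets every rule. The bit estimate shows why mixing classes matters: the same length spans a far larger search space when all four classes are present.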

If you or anyone else faces email hacking, follow these steps:

  1. Run a full system scan with Microsoft Safety Scanner and read the detailed description of any malware found.
  2. Update Windows and check Action Center or Windows Security Center to see whether anything is wrong with your Windows security.
  3. Change your email password.
  4. Report it to your IT administrator (in a company) or to your email provider and follow their guidance.
  5. If you use any of the email services below, follow their help for hacked accounts:
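Step 2 above, opening Action Center and seeing whether the security status is OK or at risk, can also be done from a script, which is handy when you are helping someone over the phone or checking several PCs. The following is an added example written for this page, not code from the original post or from Microsoft. It reads the same product registrations Action Center displays, from the WMI namespace root\SecurityCenter2 that exists on Windows Vista and later client editions, using only the built-in Get-CimInstance cmdlet (PowerShell 3.0 or later). The decoding of the packed productState value follows community documentation rather than an official Microsoft reference, which is an assumption of this example.

```powershell
# Added example (not from the original post): a scripted version of
# "open Action Center and see whether your security status is OK".
# Assumes Windows Vista+ client edition (root\SecurityCenter2 namespace)
# and PowerShell 3.0+ (Get-CimInstance, -in operator).

function ConvertFrom-ProductState {
    param([Parameter(Mandatory)][int]$ProductState)
    # productState is a packed value. Read as six hex digits, the middle pair
    # reports whether the product is on and the last pair whether its
    # signatures are current. Community-documented encoding (assumption).
    $hex = ('{0:x6}' -f $ProductState)
    [pscustomobject]@{
        Enabled  = ($hex.Substring(2, 2) -in @('10', '11'))
        UpToDate = ($hex.Substring(4, 2) -eq '00')
    }
}

function Get-SecurityCenterStatus {
    foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct') {
        $products = Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName $class -ErrorAction SilentlyContinue
        foreach ($p in $products) {
            $state = ConvertFrom-ProductState -ProductState $p.productState
            [pscustomobject]@{
                Category = $class
                Product  = $p.displayName
                Enabled  = $state.Enabled
                UpToDate = $state.UpToDate
            }
        }
    }
}

$status = @(Get-SecurityCenterStatus)
$status | Format-Table -AutoSize

# Mirror Action Center's verdict for the two things the post insists on:
# at risk if anti-virus or firewall is missing, turned off, or out of date.
$atRisk = @()
foreach ($class in 'AntiVirusProduct', 'FirewallProduct') {
    $ok = $status | Where-Object { $_.Category -eq $class -and $_.Enabled -and $_.UpToDate }
    if (-not $ok) { $atRisk += $class }
}
if ($atRisk.Count -gt 0) {
    Write-Warning ('At risk: ' + ($atRisk -join ', ') + '. Turn the product on or update it, then continue with the remaining steps.')
} else {
    Write-Host 'Security status: OK (anti-virus and firewall are on and up to date).'
}
```

The table lists every registered product with its on/off and freshness state, which is more than Action Center's single summary shows; a product that is registered but reports Enabled = False is the usual reason a PC is marked "at risk" even though an anti-malware product is installed.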

Windows Store Protects You

Windows 8 comes with a central place to get the applications you want, known as the Windows Store. The idea is similar to the Windows Phone Store on devices running Windows Phone. The Windows Store is a great way to protect yourself against malware (viruses, worms, trojans, spyware and so on), hackers and other online threats. The way it protects you is simple: whatever you download from the Windows Store has already been tested and scanned for threats. Developers upload their applications to the Windows Store, where they go through testing and verification for security and other requirements. If an application contains malware or harmful code it will not appear in the Windows Store and you will never have access to it. It also points people toward safe applications. Normally, when someone looks for an application they search online and download it from the internet, which might be a safe website and a safe download, or an unsafe one containing malware. Some people know a safe download site, but it will not have every application you want. Developers are encouraged to upload their applications (Windows 8 apps or desktop apps) to the Windows Store, and by browsing the Store in Windows 8 you will see thousands of applications for Windows 8 that are safe and secure. Security is not only about protecting against threats; it is also about helping people reach safe sources, and a central place containing secure applications is a great idea. All users are recommended to download everything they want from the Windows Store to stay safe and secure. Some applications may not be found there, and in that case you may need to search online; it is then recommended to contact the software manufacturer and ask them to upload their public applications (those for all users) to the Windows Store.

The main advantage of the Windows Store is that everything must be validated before it is allowed in. On the internet it is possible to set up a website or repository and upload malware to it, and in other cases a group of hackers may break into a reputable website and plant malware there. The Windows Store improves security because everything is under control and checked for possible security problems before it appears. Other threats can still put users at risk, such as installing an application from a CD or DVD, and for those you have additional layers of defense such as Windows Defender in Windows 8, the SmartScreen filter and other security features. As security advice: check the Windows Store for your apps, and if an app is not there, open Internet Explorer and search for it; the SmartScreen filter in Internet Explorer blocks malicious downloads.

Inside Organized Cybercrime

There are different types of cybercrime, and the way they are organized differs from one to another. In a simple case someone interested in a type of cybercrime starts to learn about it and tries it on random users; for example, someone might start learning about hacking and practice those methods on random users simply by searching for vulnerable PCs on a network. In another case the target is not chosen at random; it is someone the hacker knows. There is also a type of cybercrime that is well organized, like a real-world company in which many people have jobs and responsibilities that serve a certain objective. The interesting thing about organized cybercrime is that its framework is similar to the one used in software engineering. It is usually carried out by many people, each with different duties and responsibilities that add up to a larger objective. These organized operations can run in the following steps:

1) Define the project: The cybercriminals sit together to define a major target. It could be a large organization, such as servers holding millions of records or top-secret documents, or a set of websites or people attacked for a specific objective; for example, a group of hackers might target a series of websites, organizations or companies that oppose them. In other cases the project is defined by a third party: a company, organization or individual asks a group of hackers to break into a specific website for them. Once the target is set, they proceed to planning.

2) Plan the attack: Planning requires learning about the target. They review the target: what operating system it runs, how employees interact with the organization's systems, and other factors. Having as much knowledge as possible about the target is important because it directly determines how to break into the system; for example, an organization that runs on Linux requires hackers with strong Linux knowledge. Once they understand the target, they plan based on that data and look for people with the specific skills needed to carry out the attack. It is like a real company: when you start a new project you hire people with the skills that project requires.

3) Attack: When the plan is set and the people with the required skills are ready, they put the plan into action. In some cases they develop new malware (viruses, worms, trojans and so on) or break into servers or databases using tools. In this phase the attack may succeed and the objectives be achieved, or it may fail during the operation.

4) Remove traces: During or after the operation they may be exposed, especially if the police or other authorities investigate. So they plan ways to remove all traces; in the simplest case they disconnect from the internet or shut down their servers.

The above is just an example of how organized cybercrime works. It is not a single hacker sitting in a chair and working, working, working until they find a way to break into a system. It is planned, and as a user you should prepare to counter it. The best counter is to plan a security strategy, look at your organization and ask yourself these questions:

  • If someone plans to hack into my system or organization, what will they do?
  • If a group of experts is going to break into my system, how can I defend it?
  • What common security mistakes do my employees make?
  • If someone hacks into my system, what can I do?
  • Am I monitoring every corner and every PC in my organization?

Always assume a powerful enemy is planning to hack into your system and think about how to get ready for it. Follow the advice of security experts and prepare to secure your system. Never let your guard down about cybercriminals because you think your security strategy and systems are too powerful. Looking down on the enemy is a big mistake; a small hacker can take over a large company if taken lightly.

Internet Explorer 10 is the Most Secure Browser

The internet is used by most people around the world. It can be useful and enjoyable, or it can be harmful and dangerous. If you follow security warnings about computers, you will notice many warnings about the internet: what you download, the links you click and the websites you visit. Websites and downloads are the most common ways to get infected with malware (viruses, worms, trojans, spyware and so on). A good browser is therefore important for security: a browser that can block malware before you visit a website or download a file.

According to recent research on malware, Internet Explorer is the most secure browser when it comes to malware protection and many other security features. NSS Labs, an independent security research company, conducted a study of the malware blocking rate of the following browsers:

  • Apple Safari 5
  • Google Chrome 21
  • Microsoft Internet Explorer 10
  • Mozilla Firefox 15

In their research they ran these browsers, visited infected websites and recorded how many of those websites each browser blocked. The more malware blocked, the more secure the browser; for example, if a browser blocks 90 percent of malware, then out of every 10 malicious websites it blocks 9. Their results are as follows:

(Chart: Overall Malware Block Rate by Browser, higher % is better)

As you can see, Internet Explorer blocks over 99% of malware, which is a very high blocking rate. In other words, if you use Internet Explorer the chance of getting infected with malware is very low, because most infected websites and downloads are blocked before they reach your PC. In addition, Internet Explorer comes with its own download manager, so you do not need a separate one to download programs from the internet, and this download manager blocks malicious downloads.

However, note that you still need an anti-malware product to protect yourself against threats from other sources, such as USB drives and DVDs. Internet Explorer is an additional security layer that protects you before online threats can infect you, makes your anti-malware product's job easier and enhances your protection. In Windows 8 you have Internet Explorer 10 and Windows Defender as your anti-malware product by default. You can read the complete NSS Labs report here.
