Thursday, August 28, 2014

Cyber Security :Identify malware/spyware attack on computer

We need tools and manual testing in order to identify the attacks on computer, malware threats. Infection removal is possible only when we are able to detect the disease. In short we need to identify or detect the vulnerabilities and next step is to remove the existing malware threat.

As new techniques and tools are being developed to detect the vulnerabilities likewise  cyber criminals also not leaving any effort to make malware difficult to detect. Let us first understand the Virus, Malware, Spyware, Identity Thieves, Hackers.

Viruses infect computers through email attachments and file sharing. They delete files, attack other computers, and make your computer run slowly. One infected computer can cause problems for all computers on a network.

A worm is also a malicious code that do not infect other programs. It makes copies of itself, and infects additional computers (typically by making use of network connections). It does not attach itself to additional programs; however a worm might alter, install, or destroy files and programs.  

Identity Thieves
People who obtain unauthorized access to your personal information, such as Social Security and financial account numbers. They then use this information to commit crimes such as fraud or theft. 

Hackers are people who “trespass” into your computer from a remote location. They may use your computer to send spam or viruses, host a Web site, or do other activities that cause computer malfunctions.

Spyware is software that “piggybacks” on programs you download, gathers information about your online habits, and transmits personal information without your knowledge. It may also cause a wide range of other computer malfunctions.

Trojan Horse
A Trojan horse , is non-self-replicating malware that appears to perform a desirable function for the user but instead facilitates unauthorized access to the user's computer system. Trojan horses may be encrypted or scattered throughout a program, making it difficult to detect. 

Remote Administration Tool (RAT) is a type of Trojan, ethical people use it for constructive purposes like to provide online support if one is facing the problem in any software, to trouble shoot the issues with laptops or desktops. And unethical people use it to get unauthorized access into someone' s computer.

Cyber Security Threats caused by Remote Administration Tool(RAT):

The operator controls the RAT through a network connection. RAT provide an operator the following capabilities:
  Screen/camera control.
  File management (download/upload/execute etc.
  Shell control (from command prompt).
  Computer control (power off/on/log off).
  Registry management (query/add/delete/modify).
  Start, stop and restart Windows services.
  Copy/delete files and format disks.
  View and clear the windows event logs.
  Other software product-specific functions.

How to know there is Spyware

If computer is slow, you are automatically being directed to some other website, means there is malware. Few tips to detect malware:

  Endless pop-up windows.
  Redirected to other websites automatically.
  Random Windows error messages .
  Computer suddenly seems slow.
  New and unexpected toolbars appear in web browser.
  New and unexpected icons appear in the task tray.
  Browser's home page suddenly changed.
  Search engine your browser opens has been changed.
Prevent Spyware Installation

          Don't click  on links within pop-up windows
       Be  careful while installing free software , never forget to read user agreement.
       Be aware of unexpected dialog boxes asking -Do you want to run a xxxx program . Always select "no" or "cancel," or close the dialog box.     
Block pop-up windows and cookies by adjusting browser preferences.

Remove Spyware

  Spyware copies several files to different directories and changes the registry. Use a spyware remover - a program dedicated to removal of spyware.
  Run a legitimate product to remove spyware e.g Ad-Aware, Microsoft Window Defender, Webroot's SpySweeper etc. 

Tuesday, August 5, 2014

Cyber Security - Block Ports

Unwanted open ports should be blocked in order  to protect computer from attacks. Hackers send the ping requests to random computers and wait for the computer response.  Though firewall prevents the computer from responding to these ping calls however it is advisable that we should block the ports which are not required. To see the steps please visit the weblink:

Email Security

Your organization security is at substantial risk if you have not implemented email security policy. Daily we all receive emails which con...