Wednesday, October 21, 2009

3,200 Reported Account Hijackings on Facebook, Twitter

If you're on Facebook, Twitter or any other social networking site, you could be the next victim.
That's because more cyberthieves are targeting increasingly popular social networking sites that provide a gold mine of personal information, according to the FBI. Since 2006, nearly 3,200 account hijacking cases have been reported to the Internet Crime Complaint Center, a partnership between the FBI, the National White Collar Crime Center and the Bureau of Justice Assistance.
Continue reading:
http://edition.cnn.com/2009/CRIME/10/19/social.networking.crimes/index.html?iref=mpstoryview

From the article:

How to protect yourself against social media scams:
- Change your passwords frequently
- Adjust Web site privacy settings
- Be selective when adding friends
- Limit access to your profile to contacts you trust
- Disable options such as photo sharing
- Be careful what you click on
- Familiarize yourself with the security and privacy settings
- Learn how to report a compromised account
- Use security software that updates automatically

(Information provided by FBI and Internet security experts)

New Variant of Total Security Locks up Applications on Infected PCs

A new variant of scareware has been detected that not only inundates
users with exhortations to purchase phony antivirus software called
"Total Security 2009," but that also locks users out of nearly all
applications until they purchase the disreputable product. Once their
PCs are infected with the malware, the only program users can open is
Internet Explorer, so they can navigate to the site and make a purchase.

More:
http://blogs.usatoday.com/technologylive/2009/10/new-twist-on-scareware-locks-up-your-pc.html
http://www.pcworld.com/article/173765/a_rogue_demands_a_ransom.html

Saturday, October 17, 2009

Removing Conficker/Downadup from Your Network Using Active Directory

A couple of security companies have provided some neat freeware tools that let network administrators clean up the Downadup worm within their business networks. Some examples of these tools are:
1. Kaspersky Administration Kit
2. Bitdefender Network Removal Tool
3. Sophos Conficker Network Cleanup Tool

These tools provide automated deployment and disinfection for multiple computers at once.

However, I was called to an enterprise client who was suffering from a Downadup outbreak last May. The client had approximately 4000 computers across 6-8 domains. There was one problem though: since the network tools were not provided by the antivirus vendor they had installed, the client was not comfortable installing any third-party software on their servers. Luckily, they were OK with using the tiny, fast and silent Kaspersky kk.exe program. Now, I had to figure out how to run this tool across all the infected machines for each domain. This is how I did it: