[AI] 2010 WEB THREATS REVEALED

Sanjay ilovecold at gmail.com
Tue Jul 20 03:42:15 EDT 2010


 Crimes of convenience
Crimes of convenience
Don't fear scareware
Lost laptops & exposed data
Data theft in public & private
Privacy policy loopholes
Additional resources

Antivirus software and a firewall alone can't guarantee your safety.  Tony
Bradley explains how to foil the latest crop of sneaky attacks and nefarious
attempts to steal your data

If there's one technology-related story that's caught your attention this
year,
it's probably the one about Google pulling out of China (see
tinyurl.com/yavzk6
grams ).  Leaving aside the issues of human rights and web filtering, the
nub of
this story is that Google was attacked because the browser its employees
were
using to perform web searches was insecure.  Internet Explorer (IE) was so
riddled with holes that Microsoft was forced to issue an emergency patch.
But
the damage had already been done: Chinese hackers were able to target
Google,
and an international dispute was ignited.

When the government urges you to seriously consider switching allegiance
from IE
to Mozilla Firefox or Google Chrome (as happened in France and Italy), you
know
there's some pretty bad stuff going on behind the scenes.

Unfortunately, IE vulnerabilities aren't all you need to worry about.  Many
of
the web threats out there are avoidable: in most cases, you simply need to
learn
to spot the signs or recognise that the information you're sharing may leave
you
open to attack.

Scareware, for instance, has proved one of the biggest security headaches of
the
past two years, trading on your fear that your PC and the data stored on it
might be at risk.  Sometimes, such malware will also try to dupe you into
believing it's there to help.

Do you know how to guard against scareware?  How about Trojan horse text
messages?  Or social-network data harvesting?  Malicious hackers are a
resourceful bunch and their methods continually evolve to target the
changing
ways we use our computers.  New attack techniques allow bad guys to stay one
step ahead of security software and to get the better of even cautious and
well-informed PC users.

Don't let that happen to you.  Read on for descriptions of the most recent
and
most malignant security threats, as well as our advice on how to stop them
in
their tracks.

Make a few sensible changes to the way you behave and you'll avoid almost
all
the threats with ease.  But with more - and more sophisticated - threats out
there than ever before, it's worth casting your eyes over the following and
checking you're not at risk.

CRIMES OF CONVENIENCE

One of the biggest hidden threats on the web today has come about through
our
desire to get where we want faster and with less fuss.  The problem is
shortened
URLs, which offer a shorthand link to a website without you having to type
the
full address.

You'll find shortened URLs in newspapers, magazines and online, particularly
if
you use Twitter.  Bit.ly, TinyURL, Tr.im and Goo.gl are all common examples.
We
use such links to point to longer reviews or in-depth news stories to which
we've alluded in print.  They break up the narrative less and are easier and
quicker to type in than the original web address.  In short, they're
convenient.

The trouble is, it's not immediately clear where those links will take you.
Short URLs give no hint of the destination, which means attackers can
exploit
them to send you to malicious sites.

AVOID SHORT URL PITFALLS

If you're keen to continue using shortened URLs, use a preview tool to see
where
that seemingly innocent link intends to take you.

Twitter users should try TweetDeck ( tweetdeck.com), which includes an
option in
the Settings menu to display previews of shortened URLs.  With this enabled,
clicking a shortened URL within a tweet brings up a screen that shows the
destination page's title, as well as its full-length URL and a tally of how
many
other people have clicked that link.  With this information at your
disposal,
you can make an informed decision about whether to click through and visit t
he
site.

You can use similar methods on other short links you come across.  Several
browser plug-ins and services offer a preview function.  When you create a
shortened address at TinyURL.com, for instance, the service provides both a
shortened URL and a preview version that will show readers where it goes
before
they click on it.  Conversely, if you're considering visiting a TinyURL
link,
you can enable its preview service ( tinyurl.com/preview.php) to see the
complete URL.  Note that you must have cookies enabled in your browser.

Both ExpandMyURL.com and LongURLPlease.com provide web-browser plug-ins or
applets that will verify the safety of the full URLs behind abbreviated
links
from all the major URL-shortening services.  Rather than changing the
shortened
links to their full URLs, however, ExpandMyURL checks destination sites in
the
background and marks the URLs green if they are safe.

Goo.gl, Google's URL-shortening service, provides security by automatically
scanning the destination web address to detect and identify malicious
websites.
It also warns you when the shortened URL might be a security concern.
Unfortunately, Goo.gl has limited usefulness because it works only with
other
Google products and services.

DON'T LEAVE CLUES ON SOCIAL NETWORKS

Some of the personal details you might share on social networks, such as the
name of your secondary school, your place of birth or your birthday, are
used in
'secret' security questions requested by online banking and other websites.
Get
careless and you'll leave digital clues that could be combined to piece
together
your personal profile and exploit or steal it.

It's all too easy to do.  Listing your maiden name as well as your married
name,
identifying yourself as someone's mother or joining a 'family' group and
making
friends with other relatives on Facebook could leave you open to a
data-harvesting attack.  An attacker who collects enough details may be able
to
access your secure accounts.

FACEBOOK PRIVACY SETTINGS

After signing into your Facebook account, click Settings on the menu bar and
select Privacy Settings.  From here, you can choose who is allowed to see
various personal details.  You can hide your details from everyone but your
Facebook friends (our recommendation), allow members of your networks to
view
your details as well, or open the floodgates and permit everyone to see your
information.

You probably wouldn't set things up for everyone to view, but be cautious of
the
Network setting too - especially if that network happens to be London or
Manchester.  That's an awful lot of people who can see your current status,
what
you look like and, perhaps, when you were born and where you work.  Be
careful.

You can also set the privacy level for each component of your profile, so
you
might share your birthday but not the year, and hide your religious and
political views, the photos you post and your status updates.

Don't accept any friend requests from strangers.  Some such requests will be
perfectly legitimate, but others will be from hackers who are keen to see
what
information other people in your circle of Facebook friends are privy to.
If
you're serious about protecting your personal information, you shouldn't
accept
such requests.  If the person knows you, they'll have other means of getting
in
touch and will probably also be Facebook friends with other people you have
befriended.

Consider removing valuable information such as your birth date and home town
from your profile.  You should also think twice before participating in
Facebook
quizzes and chain lists.  Although it seems innocent and fun to share your
favourite breakfast cereal, your pet's name, the names of your children, the
first concert you attended or where you met your spouse, an attacker armed
with
enough of these titbits can assume your identity.

SOCIAL NETWORK IMPOSTORS

If you're connected with someone on Facebook, LinkedIn, Twitter or another
social network, it's probably because you know and trust the person.
Attackers,
however, can take control of your friend's online persona and then exploit
that
trust.  It's another important growth area for hackers and an more invidious
approach that calls for extra vigilance.

One of the most established tactics is the scam sent from a 'friend'.
Attackers
can hijack one of your friend's social-networking accounts using malware,
phishing scams and other techniques.  They then use the stolen accounts to
spam
you, steal your personal data or even con you out of cash.

Once the thieves have locked your friend out of the account, they may send
you a
note saying, Help!  I'm in Milan and my wallet was stolen.  Can you transfer
some money to me for a plane ticket?  Or they may recommend that you click
on
dodgy links that allow them to infect your PC or compromise your own
account -
suggesting you watch a funny video is a popular method of doing so.

DIGITAL TRAIL

Now that so much entertainment, shopping and socialising is conducted
online,
every web user leaves a rich digital trail of preferences.  The books you
read,
the films you rent, the people you interact with, the items you buy and
other
details constitute a gold mine of demographic data for search engines,
advertisers and anyone who might want to snoop around.

Stick with the companies you trust.  Despite reassuring messages displayed
on
some sites, privacy policies can be vague.  Make yourself aware of the
privacy
policies of the websites and services you interact with and restrict your
dealings to those that you trust to guard your sensitive information.  For
more
on the ins and outs of which sites are able to track your web trails and how
to
prevent it, see below.

USE PRIVATE BROWSING

The latest versions of IE, Firefox, Safari and Chrome include
private-browsing
modes that remove all traces of your web session when you shut down the
browser.
By deleting your site history, form data, searches, passwords and other
details,
these features can help you foil nosy colleagues or relatives.

SECURITY MYTH

I don't have anything an attacker would want

Many users believe the data stored on their PCs is valuable only to them or
has
no intrinsic value at all, and that they have nothing to protect and
therefore
no need to worry about PC security.  There are three problems with this.

First, instead of pilfering data, attackers often want to take control of
the
computer itself, as they can employ a compromised PC to host malware or to
distribute spam.

Secondly, you may not think that your PC has any sensitive information, but
an
attacker can use trivial information such as your name, address and birth
date
to steal your identity.

And third, most attacks are automated and simply seek out and attempt to
compromise all vulnerable systems; they don't discriminate based on a
target's
value.

DON'T FEAR SCAREWARE

You're probably familiar with the garden-variety phishing attack.  Like a
weekend angler, a phisher uses bait, such as an email message designed to
look
as if it came from a bank or other financial institution, to hook a victim.
Scareware is a twist on the standard phishing attack that tricks you into
installing rogue antivirus software by warning you that your PC may be
infected.

Scareware works by making you doubt yourself and your security setup.  Don't
take the bait.  If you don't have any security software installed on your
PC,
how did the alert magically appear?  And if you have got a security utility
that
identifies and blocks malicious software, why would it tell you to buy or
download more software to clean the supposed infection?  Become familiar
with
what your security software's alerts look like so you can recognise fake
pop-ups.

DON'T PANIC

You should already have antimalware protection installed on your PC.  If you
haven't, and you're concerned that it may be infected, use a free online
scanner
such as Trend Micro's HouseCall to give your machine the once-over (
housecall.trendmicro.com).  Another option is Microsoft's Malicious Software
Removal Tool ( tinyurl.com/lh23mw).  Then install a reputable antimalware
app to
protect your PC in the future.  For additional resources, see below.

UPDATE YOUR BROWSER

If you've haven't updated your web browser recently, do so immediately.
Such
fake messages will prompt you to visit the scammer's website, which may
infect
your PC further, but current versions of most browsers and many
internet-security suites have phishing protection to alert you to dodgy
sites.

While the databases these filters use are updated frequently to identify
rogue
sites, they aren't fail-safe, so you should still pay attention to every
URL.
To make this easier, both IE 8.0 and Chrome highlight the real, or root,
domain
of the URL in bold so that you can easily tell whether you're visiting, say,
the
genuine pcadvisor.co.uk or a spoofed site such as pcadvisor.co.uk.
phishing-site.ru.

TROJAN HORSE TEXTS

Some attackers will send spam text messages to your mobile phone that appear
to
be from your network provider or financial institution.  Known as Trojan
horse
text messages, they may direct you to a malicious site or request permission
to
install an update that will allow hackers to capture usernames, passwords
and
other sensitive information from your device.

Go to the source for updates and news.  If you receive a text message that
appears to be from a trustworthy source, but it directs you to install or
update
software, or if it initiates the installation and requests permission to
continue, immediately exit the message and verify the legitimacy of the
software
with your service provider.

You may receive unsolicited emails from companies that you do business with,
but
reputable firms won't send you unsolicited links and updates via email.
Similarly, such companies won't send you unsolicited text messages that
direct
you to install an update or download new software.

Attackers prey on your tendency to trust your network provider or financial
institution.  Don't blindly accept software updates or download apps to your
phone simply because the text message looks official.  If in any doubt,
follow
up with your network provider.

SECURITY MYTH

I have antivirus software installed, so I'm safe

Antivirus software is a necessity and a great start, but installing it won't
protect against everything.  Some antivirus products are just that - they
detect
and block viruses, but not spam, phishing attempts, spyware or other
malware.

Even if you have a comprehensive product that protects against more than
just
viruses, you still need to update it regularly.  New threats are discovered
daily, and antimalware protection is only as good as its last update.

Also bear in mind that security-software vendors need time to add protection
against emerging threats, so your antimalware software won't guard you from
zero-day or newly launched attacks.

LOST LAPTOPS & EXPOSED DATA

The portability of laptops and mobile phones is convenient, but it also
means
that such devices are easily lost or stolen.  If your laptop, netbook or
phone
falls into the wrong hands, unauthorised users may access the sensitive data
stored on it.

Encrypt your data using a utility such as BitLocker.  If you're using the
Ultimate or Enterprise versions of Windows Vista or Windows 7, you'll find
it
built in.  BitLocker is also available in Windows Server 2008 but you won't
find
it in the consumer versions of Vista and Windows 7.  For these operating
systems
(OSes), instead use the free, open-source program TrueCrypt (
truecrypt.org).

Encrypting your data isn't without a pitfall or two, however.  First, you
must
ensure that you always possess the key.  If you lose your encryption key,
you'll
quickly discover just how good encryption is at keeping out unauthorised
users.

USE STRONGER PASSWORDS

If encrypting seems to be more of a hassle than it's worth, at least use
strong
passwords to protect your PC.  Longer passwords are better, with more
characters
taking longer to crack.  You should also mix things up by using numbers and
special characters in place of letters.  For example, instead of
PCAdvisorMagazine, you could use PCAdvi$0rM at g@zin3.

You should have a secure password to log into your user account even if
you're
the only person who uses your computer.

Note, however, that while strong passwords are a great deterrent, they
aren't
impervious to attack.  An invader who has physical possession of your
computer
can find ways to get around that protection.

LOCK DOWN YOUR BIOS

By implementing a Bios password or a hard-drive password (or both), you can
ensure no one else can even boot the computer.

Getting into the Bios varies from system to system.  The initial splash
screen
that your PC displays at startup usually tells you which key to press to
access
the Bios.  Once inside, find the security settings.  Again, these vary from
vendor to vendor, but the Bios settings are fairly rudimentary.  Boot into
the
Bios, enter an eight-character password and navigate to the menu to apply
the
password on every boot up.  Press the Save & Exit option.

You can set a master password that prevents other people from booting your
computer or altering the Bios settings.  This option goes by different
names,
but it's often called an administrator or supervisor password.  If you wish,
you
can also set a hard-drive password.  This will prevent access to the hard
disk
until this is successfully entered.

Methods for circumventing these passwords exist (removing the Bios battery
is
one method), but having the passwords in place creates another layer of
security.

USE A RECOVERY SERVICE

If your equipment gets lost or stolen and can't be recovered, you'll at
least
want to erase the data it holds.  Some vendors, such as HP and Dell, offer
services that promise to do both for certain laptop models.

Both HP's Notebook Tracking and Recovery Service ( tinyurl.com/y98
millilitres22) and Dell's Laptop Tracking and Recovery are based on Absolute
Software's Computrace.  When you report that a laptop protected by one of
these
services has been lost or stolen, a small application on the PC contacts the
monitoring centre with news of its whereabouts once it's connected to the
web.
If a laptop can't be retrieved or the data stored on it is highly sensitive,
these services allow you to erase all the data stored on it.

Less comprehensive but free utilities such as the FireFound add-on for
Firefox (
firefound.com) provide similar capabilities.  You can configure FireFound to
automatically delete your passwords, browsing history and cookies following
a
failed login attempt.

SECURITY MYTH

Security is a concern only if I use Windows

Windows has had its share of security issues over the years, but that
doesn't
mean that other platforms or applications are immune from attack.  While
Microsoft's products are the biggest target, Linux and Mac OS X have
vulnerabilities and flaws too.  As alternative OSes and web browsers gain
users,
so they become more attractive targets to malware writers.  Increasingly,
attackers are targeting widely used third-party products that span OSes,
such as
Adobe Reader.

HP's laptop-tracking service lets you delete sensitive data from a laptop
that
can't be retrieved, while FIREFOUND, an add-on for Firefox, can delete your
passwords, history and cookies following a failed login attempt.

DATA THEFT IN PUBLIC & PRIVATE

Like laptops, mobile phones can hold a significant amount of sensitive data.
You can protect yourself using services such as Find My iPhone, part of
Apple's
$99 (ukp61)-per-year MobileMe service, and Mobile Defense for Android-based
smartphones; these perform location tracking and remote data-wiping.  Both
apps
use the built-in GPS capabilities of your smartphone to pinpoint the current
location of the device and relay that information back to you.

AVOID ROGUE WI-FI HOTSPOTS

Free Wi-Fi networks are available almost everywhere you go.  Attackers
sometimes
set up a malicious open Wi-Fi network to lure unsuspecting users into
connecting.  Once you've connected to a rogue network, the attacker can
capture
your PC's traffic and gather any sensitive information you send, such as
your
usernames and passwords.

If you want to get online at a coffee shop or in another public place, find
out
the service set identifier (SSID) of the establishment's network.  The SSID
is
the name of the wireless network that appears in your list of available
connections.  The SSID for a network at a McDonald's restaurant, for
instance,
might be 'mickeyds'.

An attacker could set up a rogue wireless router in the vicinity of the
McDonald's location and set its SSID to 'mcdwifi' or 'mickeyds2'.  Your
computer
would then display both names on the list of available networks.  The rogue
wireless network might even have a stronger signal and appear higher on the
list.  Make sure that you connect to the official network.

When in doubt, don't trust any open network.  Most free wireless networks
are
unencrypted and therefore unprotected.  That means that the data travelling
between your computer and the wireless router can be intercepted and viewed
by
other parties that happen to be within range of the wireless network.

Unless you have your own secure connection, such as a virtual private
network
(VPN), you should avoid using public Wi-Fi for logging into sensitive
accounts.
Limit your web usage here to reading the news and checking weather updates.

WEAK WI-FI SECURITY

If you're cautious, you've already secured your wireless network with a
password
to keep outsiders from accessing it or using your internet connection.  But
password protection alone may not be sufficient.

Use stronger encryption: several types are available and there are some
important differences between them.  Wired equivalent privacy (WEP)
encryption
is the most common variety found on wireless networks.  If you have a WEP
password in place on your Wi-Fi network already, you've taken a significant
step
towards protecting it from intruders.

But WEP can be cracked easily: tools are available that allow even unskilled
attackers to crack the code and access your network in a matter of minutes.
WEP
is still helpful, since most aspiring wireless network hijackers aren't
dedicated enough to take the time to break in, but to be safe you should use
Wi-Fi protected access (WPA) or its successor, WPA2.  These encryption types
resolve the weaknesses of WEP and provide much stronger protection.

Log into your router's web interface and find the wireless security
settings.
There, enable encryption and select either WPA or WPA2.  Enter a password,
save
the settings, and restart your router - and you'll start surfing more
safely.

ENDANGERED DATA BACKUPS

You know that you should regularly back up your data, especially files of
irreplaceable items such as family photos.  Storing backups on an external
hard
drive or burning them to blank CDs or DVDs and keeping them in a cupboard
will
enable you to restore files easily if your hard drive crashes or corrupts.
But
that approach also creates a portable and thus easily stolen archive of your
sensitive data.

Be sure to use a backup utility that allows you to protect your data with
encryption, or at least a password, to prevent unauthorised access.  If you
want
to take things a step further, you can put your backup files on an encrypted
external USB drive such as the Seagate Maxtor BlackArmor.  You can also find
external drives with biometric fingerprint scanners, such as the Apricorn
Aegis
Bio or the LaCie d2 Safe.  See page 80 for hard-drive buying advice and
reviews.

If you prefer, you can use an online storage service such as Windows Live
SkyDrive ( skydrive.live.com), which provides 25GB of free storage and
offers a
measure of security by requiring a username and password for access.

Unfortunately, copying 25GB of data and keeping it updated via SkyDrive can
be a
time-consuming and cumbersome process.  For a small fee, you can use a
service
such as Mozy ( mozy.com), which includes tools to automate the process and
ensure that your data is backed up regularly.

KEEP SOFTWARE UP TO DATE

Microsoft's products have long been favourite targets for malware, but the
company has stepped up its game, forcing attackers to seek other weak links
in
the security chain.  These days, third-party products such as Adobe Reader
provide attackers with alternative options for hitting your PC.

You should have both a firewall and an antimalware utility protecting your
system.  However, one of the simplest and most effective ways to guard
against
attack is to make sure your OS and applications are kept up to date.

Attackers have discovered that a considerable number of third-party
applications
such as Adobe Reader and Adobe Flash are present on virtually every computer
and
contain exploitable weaknesses.  To guard against threats, you can use a
program
such as the Secunia Personal Software Inspector ( secunia.com) to scan your
system, identify applications that have known vulnerabilities and install
the
necessary updates.

Do your best to stay informed of existing flaws for the various applications
you
use, and apply appropriate patches as soon as possible.  The About.com
Antivirus
Software site ( antivirus.about.com) is a good resource to use in collecting
such information.  You can also check sites such as McAfee's Avert Labs
Threat
Library ( vil.nai.com/vil/default.aspx) for the latest news on emerging
threats.

While attacking third-party products may be the path of least resistance,
bad
guys haven't given up entirely on Microsoft products.  Windows users should
have
Automatic Updates enabled and set to download and install important security
updates automatically.  Automatic Updates will keep the Windows OS and other
Microsoft software patched and current.

SECURITY MYTH

My router has a firewall, so my PC is protected

A firewall is great for blocking random, unauthorised access to your
network,
and it will protect your computer from a variety of threats.  But attackers
worked out long ago that the quickest way through the firewall is to attack
you
via ports that commonly allow data to pass freely.

By default your firewall won't block normal traffic such as web data and
email,
and few users are comfortable reviewing firewall settings and determining
which
traffic to permit or block.  In addition, many attacks today are web-based
or
originate from a phishing attack that lures you into visiting a malicious
site;
your firewall can't protect against such threats.

PRIVACY POLICY - LOOPHOLES

We won't share your information with third parties.  You've no doubt seen
this
phrase in privacy policies many times.  You might think that means the site
in
question won't divulge details about your visit to other companies or
organisations.  But, according to a study conducted last year by privacy
researchers at the University of California, websites have a huge amount of
wiggle room with that promise (see bit.ly/P7NVK).

The in-depth study dug into the privacy policies and tracking practices of
the
50 most visited websites as listed by Quantcast.  Researchers discovered
that
loopholes such as affiliate sharing and tracking code allowed for more data
sharing than you might expect.

Websites often reserve the right to share your data with affiliates,
including
entities owned by the same parent company or even outside contractors.  But
you
probably don't know how many affiliates a site has.  News Corporation (the
parent company of MySpace and Photobucket) has 1,578 affiliates, for
example;
CBS (the parent company of download.com) has 637.  Likewise, a site may not
actively share data with an unrelated company, but it might let that company
place a 'web bug' image or code on a site that can effectively track you.

Many sites try to protect data such as email addresses and personal
information,
and some restrict the data web bugs can collect.  For example, the report's
authors were careful to note that Google doesn't automatically aggregate the
data that its many Google Analytics trackers gather, although it does offer
incentives to share that information.

All that aside, the fundamental issue is that many users don't want digital
bloodhounds sniffing their tracks, even if those tracks are tied only to an
IP
address or some other numerical code.  Right now, you have little say in
what
information is collected and what it can be used for.

PROTECT YOUR PRIVACY

While there's no one simple solution, you can take some steps with browser
settings and add-ons to help retain your privacy.  For once, these steps
don't
require deleting all your cookies (including those that you want) after
every
browsing session.

IE 8.0's InPrivate Filtering monitors content from third parties that
frequently
appears on other sites (something that often, but not always, indicates the
presence of a tracker) and either blocks such content by default or allows
you
to select it for blocking.  Click on Safety, InPrivate Filtering to enable
it.
You'll need to enable InPrivate Filtering each time you start the browser.

Firefox has a range of privacy-protecting add-ons.  BetterPrivacy (
tinyurl.com/6 grams 76na) gets rid of Flash cookies, which some advertisers
use
and normally can't be deleted.  Taco ( taco.dubfire.net) creates behavioural
advertising opt-out cookies (the good kind) that will stick around even if
you
get rid of your other cookies.  And CookieSafe ( tinyurl.com/2qrvd6) offers
fine-grained management of all cookies.

The Ghostery ( ghostery.com) add-on alerts you to hidden trackers but
doesn't
stop them.  To block common JavaScript trackers, you can use NoScript (
noscript.net).  Bear in mind that while the other add-ons mentioned here
won't
significantly change your browsing habits, NoScript will; it prevents many
sites
from working properly until you manually approve them.

One option is to set NoScript to allow all JavaScript and then, when
Ghostery
reports a tracker, right-click on the NoScript icon to set the tracker
source
(which Ghostery also reports) as untrusted.  Allowing all JavaScript
nullifies
NoScript's protection against potential JavaScript attacks from unknown
sites,
but it means far less hassle in your day-to-day browsing.  You can also go
to
the advanced options for untrusted sites and click a box to forbid web bugs.

The GHOSTERY add-on can alert you to hidden tracking devices but doesn't
block
them, while NOSCRIPT is useful for blocking JavaScript trackers.

SECURITY MYTH

I visit reputable sites, so I've got nothing to worry about

You increase your PC's odds of being infected or compromised when you visit
the
shady side of the web, but even well-known websites are occasionally
infiltrated.  Sites such as those for Apple, CNN, eBay, Microsoft, Yahoo and
even the FBI have been compromised by attackers running cross-site scripting
attacks to gather information about users or to install malicious software
on
visitors' computers.

ADDITIONAL RESOURCES

Many online sites and services can help you learn more about PC security
threats, or can analyse your machine to make sure it's clean and safe

HOAX ENCYCLOPEDIA

The About.com Antivirus site has a comprehensive database of email and virus
hoax messages.  Before you forward the next 'urgent' alert to your friends,
check for it on this list.  tinyurl.com/e32cp

MICROSOFT MALICIOUS SOFTWARE REMOVAL TOOL (MSRT)

This tool is designed to scan for and remove current, pervasive threats.
Its
scan is smaller and faster than a complete antimalware scan, but it
identifies
only a handful of threats.  Microsoft releases a new version of the tool
along
with security fixes on the second Tuesday of each month.  tinyurl.com/lh23mw

MICROSOFT CONSUMER SECURITY SUPPORT CENTER

On this page you can find solutions to common security problems, as well as
links to other information and resources for Microsoft's security products.
tinyurl.com/y97hm9x

MCAFEE VIRUS INFORMATION LIBRARY

McAfee maintains a complete listing of malware threats, including details on
how
they spread and how you can protect your computer against them.
tinyurl.com/mkdca4

PHISHTANK

A community project, PhishTank is a database of known phishing sites.  You
can
search the database to identify phishing sites, and you can add any new
sites
you've encountered to the list.  phishtank.com

MICROSOFT SECURITY ESSENTIALS

This free antivirus application provides real-time protection for Windows
PCs
against viruses, worms, spyware and other malicious software.
microsoft.com/security_essentials

GLOBALVIEW

Content filtering offers another means of protecting a home or small
business
network.  It works by comparing sites and web apps against a constantly
updated
database of threats and white-listing sites that are legitimate and pose no
threat.  Available with Draytek routers (among others), GlobalView costs
ukp25
per year and helps prevent unauthorised access at the point of entry,
meaning
guest PCs on a network are checked too.  tinyurl.com/yhvrwtw

TREND MICRO HOUSECALL

Trend Micro's free HouseCall service scans your computer online to discover
and
remove any viruses, worms or other malware that may be residing on it.
housecall.trendmicro.com


Technical telepathy: 09969636745
Saints are not always saints; sinners are not always sinners.






More information about the AccessIndia mailing list