Recent news on this issue from Panda Security’s Oxygen 3 E-bulletin on IT security, indicates that Cyber-crooks are unrelenting in their chase to infect web search results. According to Panda “there is a steady increase in the use of custom-built websites designed to drop malicious code on computers, or even the manipulation of legitimate pages in order to infect users with malware.”

PandaLabs maintains that cyber-crooks have begun to opt for a new technique: the manipulation of search engine results, or seeding websites among the top results returned by these engines. When a potential victim visits one of these sites the likelihood of the downloading of malicious code onto the computer by exploiting existing vulnerabilities is high.

There are several ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame, (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate.

Another method is the insertion of false dialogue boxes, fake toolbars, and more on sites; all designed to load destructive malware which could include rootkits, password stealers, Trojan horses, and spam bots.

For more information on this, and other threats checkout Spyware Sucks, a great Blog that will keep you up to date on the latest risks to your online safety.

So what can you do to ensure you are protected, or to reduce the chances you will become a victim?

As I have pointed out in the past on this Blog, the following are actions you can take to protect your computer system:

• Don’t open unknown email attachments

• Don’t run programs of unknown origin

• Disable hidden filename extensions

• Keep all applications (including your operating system) patched

• Turn off your computer or disconnect from the network when not in use

• Disable Java, JavaScript, and ActiveX if possible

• Disable scripting features in email programs

• Make regular backups of critical data

• Make a boot disk in case your computer is damaged or compromised

• Turn off file and printer sharing on the computer.

• Install a personal firewall on the computer.

• Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.

• Ensure the anti-virus software scans all e-mail attachments.

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

The free software listed below, in my view, provides better than average malware protection.

avast! 4 Home Edition

www.avast.com

This anti virus app is a real fighter, scanning files on demand and on access, including email attachments. Let’s you know when it detects mal-ware through its shield function. An important feature is a boot-time scan option which removes mal-ware that can’t be removed any other way.

AVG Anti-Virus Free Edition

www.free.grisoft.com

Similarly, this program scans files on access, on demand, and on schedule. Scans email; incoming and outgoing. For those on Vista, your in luck, it’s Vista-ready. I have been using this application since its release and it now forms part of my front line defenses. I recommend this one highly.

Ad-Aware 2007

www.lavasoftusa.com

In my view, Ad-Aware 2007 Free is the best free spyware and adware remover available. It does a relatively good job of protecting against known data-mining, Trojans, dialers, malware, browser hijackers and tracking components. The only downside with the free version; real-time protection is not included.

ThreatFire 3

www.threatfire.com

ThreatFire 3 blocks mal-ware, including zero-day threats, by analyzing program behavior and it does a stellar job. Again, this is one of the security applications that forms part of my front line defenses. I have found it to have high success rate at blocking mal-ware based on analysis of behavior. Highly recommend this one!

Comodo Firewall Pro

www.comodogroup.com

The definitive free firewall, Comodo Firewall protects your system by defeating hackers and restricting unauthorized programs from accessing the Internet. I have been using this application for 6 months and I continue to feel very secure. It resists being forcibly terminated and it works as well, or better, than any firewall I’ve paid for. This is one I highly recommend. Amazing that it’s free!

WinPatrol

www.winpatrol.com

Do you want to get a better understanding of what programs are being added to your computer? Then WinPatrol is the program for you. With WinPatrol, in your system tray, you can monitor system areas that are often changed by malicious programs. You can monitor your startup programs and services, cookies and current tasks. Should you need to, WinPatrol allows you to terminate processes and enable, or disable, startup programs. There are additional features that make WinPatrol a very powerful addition to your security applications.

Sandboxie

www.sandboxie.com

Surfing the Internet without using Sandboxie is, to me, like jumping out of an airplane without a parachute. Deadly! This application creates a “Sandboxed” protected environment on your machine within which you browse the net. Data that is written to your hard drive is simply eliminated, (or not, your choice), when the sandbox is closed. Utilizing this application allows you to surf the web without the risk of infecting your system with mal-ware or other nasties. This is another security application I have been using for over 6 months and it has yet to let me down. Highly recommended.

Snoop Free Privacy Shield

www.snoopfree.com

Snoop Free Privacy Shield is a powerful application that guards your keyboard, screen and open windows from all spy software. I have been using this application for quite some time, and I have been amazed at the number of programs that have requested access to my keyboard and screen. Particularly, programs that I am in the process of installing. If you’re serious about privacy, this is a must have addition to your security toolbox.

Share this post :

How to use Netstat:

You should close all open programs before you begin the following process, if you are unsure which ports/connections are normally open while you are connected to the Internet. On the other hand, if you are familiar with the ports/connections that are normally open, there is no need to close programs.

There are a number of methods that will take you to a command prompt, but the following works well.

Click Start>Run>type “cmd” – without the quotes>click OK> this will open a command box.

From the command prompt, type Netstat –a (be sure to leave a space), to display all connections and listening ports.

You can obtain additional information by using the following switches.

Type netstat -r to display the contents of the IP routing table and any persistent routes.

The -n switch tells Netstat not to convert addresses and port numbers to names, which speeds up execution.

The netstat -s option shows all protocol statistics.

The netstat-p option can be used to show statistics for a specific protocol or together with the -s option to show connections only for the protocol specified.

The -e switch displays interface statistics.

Running Netstat occasionally is a prudent move, since it allows you to double check which applications are connecting to the Internet.

If you find there are application connections to the Internet, or open ports, that you are unfamiliar with, a Google search should provide answers. A very good source of information is Steve Gibson’s website, Shields Up, where you can test all the ports on your machine as well as testing the efficiency of your Firewall. Take the Firewall test; you may be surprised at the results!

If you are unfamiliar with, or uncomfortable with using the command structure, there are a number of free real-time port analyzers available for download. My favorite of the two is CurrPorts since it provides more of the type of information I require.

Process and Port Analyzer is a real time process, port and network connections analyzer which will allow you to find which processes are using which ports. A good little utility that does what it says it will do.

Quick Facts:

• View currently running processes along with the full path and file which started it
• View the active TCP Listeners and the processes using them
• View the active TCP and UDP connections along with Process ID
• Double click on a process to view the list of DLL’s

Download at: Download.com

CurrPorts allows you to view a list of ports that are currently in use, and the application that is using it. You can close a selected connection and also terminate the process using it. As well, you can export all, or selected items to an HTML or text report. Additional information includes the local port name, local/remote IP address, highlighted status changes and more.

Quick Facts:

• View current active ports and there starting applications
• Close selected connections and processes
• Save a text/ HTML report
• Info on local port name, local/remote IP address, highlighted status changes

Download at: Download.com

Microsoft delivers 11 patches, 6 critical; Excel flaw left unpatched by ZDNet's Larry Dignan -- Updated: Microsoft delivered 11 patches on Tuesday addressing 17 vulnerabilities. Six updates fix critical flaws and five address important vulnerabilities, but an already exploited Excel zero day was left unpatched. Microsoft’s advisory last week noted 12 patches fixing 7 critical vulnerabilities. One critical Windows vulnerability was cut due to quality issues. A Microsoft spokesman did confirm that [...]

The latest Firefox security advisory noted on the Known Vulnerabilities in Mozilla Products site lists the following vulnerabilities as having been patched.

• Web forgery overwrite with div overlay
• URL token stealing via style sheet redirect
• Mishandling of locally-saved plain text files
• File action dialog tampering
• Web browsing history and forward navigation stealing
• Directory traversal via chrome: URI
• Stored password corruption
• Privilege escalation, XSS, Remote Code Execution
• Multiple file input focus stealing vulnerabilities
• Crashes with evidence of memory corruption (rv:1.8.1.12).

It is highly recommended that you update immediately by clicking on Help - Check for Updates in FireFox.

It is probable you have protected your machine with an appropriate defense system including a firewall (either software or hardware), a sound and effective malware suite (including anti-virus and spyware), and an additional protection layer against zero-day threats with the installation of an application such as ThreatFire 3 developed by PC Tools.

You can relax and you can consider yourself relatively safe, or perhaps even invulnerable, right? Well, maybe not. Sure, most of use Microsoft’s Windows Update so that we are current with operating system critical updates, and security fixes. You can determine whether or not you are running the latest WUA by visiting Windows Update.

But, where many of us are still vulnerable, is in the lack of consideration we have given to the vulnerabilities that exist in our currently installed applications.

Some recent examples of vulnerabilities include, Mozilla Firefox, Apple iTunes, Quicktime, Skype internet phone, Adobe Acrobat Reader 7.02, 6.03, Sun Java Run-Time, Macromedia Flash 7, Winzip 8.1, AOL Instant Messenger 5.5, Windows/MSN Messenger, Yahoo Instant Messenger 6.0, BitDefender, RealPlayer.

So, wouldn’t it be great if there was a free application that could do the job of ensuring that all installed applications were either patched or up-to-date? Well, there is.

The Secunia Personal Software Inspector (PSI) from Secunia constantly monitors your system for insecure software installations, notifies you when an insecure application is installed, and even provides you with detailed instructions for updating the application when available.

ZD Net, one of my favorite sites has stated “Secunia Personal Software Inspector, quite possibly the most useful and important free application you can have running on your Windows machine”.

Quick Overview:

• Allows you to secure your PC - Patch your applications - Be proactive

• Scans for Insecure and End-of-Life applications

• Tracks your patch-performance week by week

• Direct and easy access to security patches.

• Detects more than 300,000 unique application versions

• Provides a detailed report of missing security related updates

• Provides a tabbed report which indicates programs that are no longer supported - programs with all known patches - insecure programs, etc.

• Provides a Toolbox offering a set of links which helps you assess a problem and how you can resolve it.

Download at: Secunia https://psi.secunia.com/

The Secunia PSI is free for private use.