Quantifying your WEB SECURITY

This small presentation will sail through a set of questions for any web/Internet user and will mark for every question as the user decides to answer.The safety score as it ends up lets the user know of where he stands in terms of IT SECURITY on the web!!!!

9TH JULY 2012 : R u a Victim?

1. All the fuss about 9th July that says about the risk of "DNSChanger" malware, which will result in your computer getting disconnected from the Web on July 9 if you don't clean it up. You won't be able to go online, and you'll need to contact your service service provider for help getting the malware deleted before you can reconnect to the Internet....strange it may sound...but it is true...even the FBI has given a warning sort at its link here at https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS

2.  Just to check if u r a likely victim,McAfee has created a link at www.mcafee.com/dnscheck for you to find out if u r a likely victim or not ? I checked out the same on my PC....it showed the following screen shot.....

3.   Do check out urs....and rectify if need be....

IE users stand vulnerable again : Warning from MICROSOFT

1. This one is a real eye (....or more simply account) opener of so many IE Web browser users across the globe and this one comes straight from the horses mouth....ie MICROSOFT which has warned that the approx 900 million users of its Internet Explorer Web browser are at risk of having their computers commandeered and their personal information stolen by hackers.Microsoft has issued a 'critical' security alert over a newly-disclosed flaw that impacts all versions of the company's Windows operating system, including Windows XP (SP3), Windows Vista, Windows 7, Windows Server 2003 and Windows Server 2008 (R2).

2. The trouble is meant primarily for users of IE only since no other major web browser available supports MHTML files.Microsoft also adds that the bug is inside Windows, (else who is going to use IE??????).Till date/hr as of now no hackers have been reported to exploit the vulnerability. 

3. An attacker could construct an HTML link designed to trigger a malicious script and somehow convince the targeted user to click it. When the user clicks that link, the malicious script would run on the user's computer for the rest of the current Internet Explorer session.Such a script might collect user information (e.g. email), spoof content displayed in the browser, or otherwise interfere with the user's experience.

4. For the otherwise already loosing users at a quick pace,this release would pacen up the loosing percentage of IE users across.

5.   Thanks http://www.smh.com.au

BitDefender : Tips for Safe Shopping on Mobile Devices

A small piece of advice by BitDefender on security aspects while using new generation mobile devices.Pls click HERE

Trojan.Spy.YEK : The Corporate Spying Tool

1. The Stuxnet trembles and quakes are still not over and unlikely to be forgotten for some years.After the stuxnet storm ,each one from the corporate sector IT bosses to IT admins in individual capacities,every one was trying to be careful of any sign of outside intrusion . These days when some e-threat comes along and sniffs for critical data, it could mean billions & trillions of money IN/OUT in seconds. 

2. Trojan.Spy.YEK is unlike a regular Spying Trojan that looks for documents and archives that may hold private information but also sends it back to the attacker.

3. Trojan.Spy.YEK has both spying & backdoor features with an encrypted dll in its overlay, this Trojan is easily saved in windows\system32\netconf32.dll and once injected in explorer.exe nothing can stop it from connecting (whenever necessary) to a couple of easy pings & sharing all with the attacker.

4. The backdoor component helps it register itself as a service so as to receive and follow instructions from a command and control center, while the spyware component sends away data about files, operating system, while also making screenshots(trying to make a user freindly hand guide for later action...isn't it so caring?????) of the ongoing processes.

5. Some of the commands it is supposed to execute are: sending the collected files using a GET request, sending info regarding the operating system and computer, taking screenshots and sending the results, listing the processes that run on the system and sends them away, finding files with a certain extension. Shortly put, it uploads all the interesting data on a FTP server without the user’s consent.

6. The fact that it looks for all that it is linked to archives, e-mails (.eml, .dbx), address books (.wab), database and documents (.doc, .odt, .pdf etc) makes Trojan.Spy.YEKa prime suspect of corporate espionage as it seems to target the private data of the companies.

7. This infection will change the registry settings and other important windows system files. If Trojan.Spy.YEK is not removed it can cause a complete computer crash.Some Trojan.Spy.YEK infections contain trojan and keyloggers which can be used to steal sensitive data like passwords, credit card, bank account information etc. 

8. On top of that, the Trojan can run without problems on all versions of Windows® from Win 95® to Seven®. 

FBI : A Parent's Guide to Internet Safety

A must read guide from  The Federal Bureau of Investigation (FBI), an agency of the United States Department of Justice for all the parents in the world, advising & trying to make them understand the complexities of online child exploitation.....please click HERE