Business Security Information

Just last month I wrote an article on “Choosing a Secure Web Browser” after a recent attack using vulnerabilities in the Internet Explorer 6 (IE) web browser.   In that article, I stated that security researchers and some governments were recommending that people change to a different web browser or at least upgrade to IE8 (you can read the full article using the above link).  Just this weekend, a couple of other security researchers announced another vulnerability involving IE web browsers including IE8.  This vulnerability was confirmed on Monday by Microsoft.  The question now is whether to wait for a patch from Microsoft or to change web browsers?  Let’s look at the highlights of the vulnerability to determine the right answer for you and your business.

When you look at the desktops, laptops and other devices in your business, do you realize the number and variety of software applications running on these devices?  Applications include Adobe Reader, Adobe Flash, Microsoft Office, off-the-shelf accounting software, and other similar types of applications.  Beyond these normal applications found on most computers, custom applications may also be used in your business such as credit card processing, accounting or other business-oriented software applications.  Most business owners and managers do not realize the number and variety of applications running on the computers they use.  Studies have shown that businesses spend most of their security efforts updating and securing the computer’s operating systems and not the software applications.

Crimeware is a form of of malware (malicious software) that is  used to attack your computer and/or network.  Crimeware is designed for one purpose which is to facilitate illegal or criminal activity.

This type of software is often used to commit identity theft.  Also, crimeware allows attackers to capture and export sensitive information which they can sell or use to exploit for some other type of financial gain.  Another common type of crimeware includes phishing kits that allow an attacker with little or no technical skill to launch a phishing attack.  This type of crimeware may include website development software, content for the site, and spamming software that will allow the attacker to send out mass e-mails to their phishing targets.

A rootkit is a collection of software programs that contain a variety of tools and allow an attacker root or administrative level access to a computer or network.  Attackers install rootkits usually after having obtained basic user level access to a system, then gaining higher access to the account by using a cracked password or through some other vulnerability on the system which allows them to install software on the system.  Once a rootkit is installed, it allows the attacker to bypass security measures and hide the intrusion.  Rootkits do this by replacing normal operating system components or altering existing system tools or software so as to escape detection.

In security, a Trojan Horse is similar but not the same as it was described in Greek mythology in which the Greeks presented the city of Troy with a wooden horse in which they had hidden their soldiers.  After the Trojan Horse was inside the city and night had fallen, the soldiers emerged from the wooden horse and overtook the city.

In the computer security field, a backdoor is basically a computer program that gives an attacker easy access to a computer system and bypasses security measures that are currently in place.  Computer programmers sometimes install backdoors in the programs they write, but they use the backdoor  to access the program for the purpose of troubleshooting the software.  For this definition, we will limit our discussion to backdoor programs that attackers use.  Backdoors, whether used as a troubleshooting tool or as a means of gaining undetected access to a computer system, are a security risk.

Spyware is a specific form of malware which tracks a person or gathers information about them without their knowledge.  This means that spyware is usually hidden from the user. Software that is installed with the user’s knowledge is not considered spyware.

Spyware can include software that secretly monitors a user’s behavior, but it can also include much more such as collecting personal and account information and e-mail addresses, changing computer settings, installing additional software, and other similar types of activities.  Spyware can be an issue also from the stand point of slowing down your computer and your internet connection speed.

What is ATM Skimming?

ATM Skimming involves a device called a skimmer to gather and store the information from your ATM card.  A crook also has to install a hidden camera, usually a wireless camera, pointed at the keypad so your pin number can be gathered or transmitted.  There are some small cameras or hidden cameras on the market that have built in flash drives or digital video records that can store information so the bad guy does not have to be nearby to gather the PIN numbers.  Another method is to use a fake keypad or keypad overlays which, when slipped over the original keypad, can either transmit or store the information.  Watch this YouTube video to see an actual skimming device and hidden camera.

Malware is a term you hear a lot in the security field, and I am not always sure if everyone understands what the term means.  Malware is basically a generic term used to describe a variety of bad software that is meant to damage, annoy, or infiltrate a computer or network without the user’s consent or knowledge.  Malware includes software such as viruses, worms, trojans, spyware, rootkits, adware, crimeware and any other type of malicious software.

It is usually not the purpose of this blog to write about every type of virus or malware that is discovered–there are  plenty of websites out there that do a good job of that.  Sometimes, however, I do like to make note of malware that I feel can affect your business in a broad way.  I wrote about the conflicker worm back in May of this year for similar reasons.  Some of the security measures that I mention in both articles will help protect your business from a variety of malware, not just the ones noted in these two articles.