Blog Entry
IT Terrorism
12 October, 2007
The definition of Terrorism according to Wikipedia is - "Terrorism in the modern sense is violence or other harmful acts committed (or threatened) against civilians for political or other ideological goals."
If this is the case, this article is appropriately named.
Here we go again. The bad guys have raised the bar one more time. Google just finished putting out a paper that indicates that the web is becoming a minefield of bad and vicious code. Let me explain.
An adversary can create a web site that will "inject binary code" onto your machine just because you visited the site. When the web page loads on your computer screen, the bad code gets installed automatically, behind the scenes. Because most users are logged on to their computer as an administrator, the install happens with your permission: you are the administrator. The bad code could consist of adware, malware, spyware, or the one that scares me, the "*bank Trojan".
This type of infection is what is called a pull type of infection. The difference between a push and a pull is this: an email message with an attachment is a push type. You didn't ask for it; it got sent to you. A pull type is when you go to the Internet, type in a web site address and hit Enter. You have just asked for all the code, so it is considered a pull type of transaction.
Firewalls, anti-virus programs and anti-malware programs are ineffective in these instances.
Recommendation from CIA Computing Ltd:
Home Users - Create two accounts on your computer, one for an administrator and one for a basic user. When you use your computer, use it as the regular user and not the administrator. If you have any tasks that require administrator privileges, log on as the admin. The reason for all of this inconvenience is that basic users have no rights to install anything. This means the drive-by install shouldn't happen.
If you have any trouble setting up these accounts, I know a good IT guy that could help you out. You could book an onsite call for less than you think.
Client - Server - Make sure your network administrator has sufficient firewall and group policies and appropriate permissions in place to prevent installs on the computers. Make sure that your network administrator also has a basic user account that they use to do regular tasks. Servers should be blocked from Internet access where possible anyway.
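One way to set up and check the two-account arrangement recommended for home users, shown as an added example that is not part of the original post. It assumes Windows 10 or later with Windows PowerShell 5.1 and an elevated prompt; the account name `DailyUser` is a hypothetical placeholder.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). Assumes the built-in
# Microsoft.PowerShell.LocalAccounts module (Windows PowerShell 5.1).

$DailyAccount = 'DailyUser'   # hypothetical name for the everyday account

# Well-known SIDs are used instead of group names so the script also works
# on non-English Windows installs.
$AdminsSid = 'S-1-5-32-544'   # built-in Administrators group
$UsersSid  = 'S-1-5-32-545'   # built-in Users group

# 1. Audit: list every account that currently holds administrator rights.
Write-Host 'Accounts in the local Administrators group:'
Get-LocalGroupMember -SID $AdminsSid |
    Format-Table Name, ObjectClass, PrincipalSource -AutoSize

# 2. Create the everyday account if it does not already exist.
#    The password is read interactively and never stored in the script.
if (-not (Get-LocalUser -Name $DailyAccount -ErrorAction SilentlyContinue)) {
    $password = Read-Host -AsSecureString "Choose a password for $DailyAccount"
    New-LocalUser -Name $DailyAccount -Password $password `
        -Description 'Standard account for everyday use' | Out-Null
}

# 3. New-LocalUser adds the account to no group at all, so place it in
#    Users (and only Users) to allow a normal, unprivileged logon.
$alreadyUser = Get-LocalGroupMember -SID $UsersSid |
    Where-Object { $_.Name -like "*\$DailyAccount" }
if (-not $alreadyUser) {
    Add-LocalGroupMember -SID $UsersSid -Member $DailyAccount
}

# 4. Verify: the everyday account must not appear among the administrators.
$isAdmin = Get-LocalGroupMember -SID $AdminsSid |
    Where-Object { $_.Name -like "*\$DailyAccount" }
if ($isAdmin) {
    Write-Warning "$DailyAccount has administrator rights; remove it with Remove-LocalGroupMember."
} else {
    Write-Host "$DailyAccount is a standard user and cannot install software system-wide."
}
```

Step 1 is worth rerunning from time to time: any everyday account that shows up in that list will install whatever a page hands it without being stopped.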
*A bank Trojan is a program that can be downloaded onto your computer and that follows you while you travel the Internet. When you go to banking sites, the program collects information like bank account information, user IDs and passwords and sends it off to the adversary.
(This does not mean that web banking is necessarily unsafe. What it means is that if you take a safe approach to setting up, maintaining and operating your computer, web banking can be enjoyed as a great time-saving convenience.)


