[IS&T Security-FYI] SFYI Newsletter, April 10, 2008

Monique Yeaton myeaton at MIT.EDU
Fri Apr 10 12:57:09 EDT 2009


In this issue:

1. Rogue DHCP / DNS Changer Virus
2. Least Privileges is Safer


------------------------------------------------
1. Rogue DHCP / DNS Changer Virus
------------------------------------------------

A virus has been making its rounds on campus that changes the network  
setup information on computers that use DHCP over wired or wireless  
connections to reach the MIT network. On an infected computer, the web  
browser is redirected to web sites that spoof legitimate ones, into  
which identity and financial information is then unknowingly entered.  
The false network information may also prevent network access, create  
an IP address conflict, or generate other network-related error  
messages.

MIT is now blocking DHCP requests at the border to the known DNS  
servers used by this malware. This may cause difficulty accessing the  
network for users who had been using these DNS servers without being  
aware of it. However, it greatly enhances security for users on the MIT  
network, as it prevents these DNS servers from answering DNS requests  
with false information (man-in-the-middle attacks). It will also help  
the Computing Help Desk staff identify networks with infected hosts  
more quickly, because machines that pick up the bogus DHCP and DNS  
information will no longer appear to work normally.

If you notice any of the following symptoms:

  • IP address conflicts
  • Failure to connect to the network
  • Unexpected network configuration values, especially DNS settings values
  • "Normal" behavior with short blips of lost connectivity

please contact the IS&T Computing Help Desk at computing-help at mit.edu  
or 617.253.1101.
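The third symptom above, unexpected DNS settings, is the one a user can check for directly. The following script is an added example written for this newsletter, not a tool from IS&T: it pulls the configured resolvers out of `ipconfig /all` output (Windows) or a `resolv.conf` file (Mac OS X and other Unix-like systems) and flags any resolver that is not on an expected list. The allowlist and both captured outputs are constructed samples using RFC 5737 documentation addresses, not MIT's real resolvers; in use, the allowlist would hold the resolvers your network's DHCP server is supposed to hand out.

```python
import ipaddress
import re

# Constructed allowlist: the resolvers the organization's DHCP is supposed to
# hand out. RFC 5737 documentation addresses stand in for real resolvers.
EXPECTED_DNS = {"192.0.2.53", "192.0.2.54"}

# Constructed excerpt of `ipconfig /all` from a machine that picked up a rogue
# DHCP lease: the second resolver is not one the organization runs.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.test
   IPv4 Address. . . . . . . . . . . : 198.51.100.23
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 198.51.100.1
   DHCP Server . . . . . . . . . . . : 198.51.100.1
   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       203.0.113.66
"""

# Constructed /etc/resolv.conf as written by a DHCP client on a Unix-like host.
SAMPLE_RESOLV_CONF = """\
# Generated by DHCP client
search example.test
nameserver 203.0.113.66
nameserver 192.0.2.54
"""

_IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_ipconfig_dns(text):
    """Return the DNS servers listed in `ipconfig /all` output.

    The first server follows the 'DNS Servers' label; additional servers
    appear on continuation lines that hold nothing but an address.
    """
    servers = []
    collecting = False
    for line in text.splitlines():
        if "DNS Servers" in line and ":" in line:
            collecting = True
            m = _IP_RE.search(line.split(":", 1)[1])
            if m:
                servers.append(m.group(1))
            continue
        if collecting:
            stripped = line.strip()
            if _IP_RE.fullmatch(stripped):
                servers.append(stripped)
            else:
                collecting = False  # first non-address line ends the list
    return servers


def parse_resolv_conf_dns(text):
    """Return the nameserver entries from resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) == 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def unexpected_dns(servers, expected=EXPECTED_DNS):
    """Return configured servers that are valid addresses but not expected."""
    flagged = []
    for s in servers:
        try:
            ipaddress.ip_address(s)
        except ValueError:
            continue  # ignore junk that is not an address at all
        if s not in expected:
            flagged.append(s)
    return flagged


if __name__ == "__main__":
    for label, servers in (("ipconfig", parse_ipconfig_dns(SAMPLE_IPCONFIG)),
                           ("resolv.conf", parse_resolv_conf_dns(SAMPLE_RESOLV_CONF))):
        bad = unexpected_dns(servers)
        status = "UNEXPECTED DNS: " + ", ".join(bad) if bad else "ok"
        print(f"{label}: configured {servers} -> {status}")
```

A flagged resolver is a reason to call the Help Desk, not proof of infection on its own: a home router or a VPN can legitimately hand out resolvers that are not on a campus allowlist, which is why the script reports rather than changes anything.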


----------------------------------
2. Least Privileges is Safer
----------------------------------

A principle of computer security states that running a computer with  
the least access privileges needed makes it safer from viruses and  
other attacks. In fact, one study showed that 9 out of 10 viruses could  
have been thwarted, had the user not been logged on as an  
administrator.

Why is this? When you run a computer with administrator access rights,  
the operating system makes its core features (such as downloading or  
removing software, or changing core system settings) available for you  
to use. When logged into that same computer with a guest or standard  
user account, many of those core system features are not accessible.

How does this protect your computer? Much of the malware in the wild  
takes advantage of the fact that many Windows users run their  
computers with administrator privileges. When the core system settings  
are available to whoever is using the computer, any malware downloaded  
during that session can modify those settings, which also makes the  
malware much harder to remove. Mac OS X users are less affected  
because, once an administrator has been set up on the computer, the  
operating system requires the administrator password for these same  
core system tasks, for any user of the computer.

While limited access through a standard user account may be an  
inconvenience for some users, we must remember that browsing and  
downloading from the Web opens the computer up to possible infection.  
Giving guests a limited account makes sense in these cases. Also, if  
your work computer contains sensitive data, you may want to run it  
from a standard user account. This protects the data from possible  
modification or disclosure if you do something you didn't mean to do,  
or if the computer somehow becomes infected. Windows also has a Run As  
feature, and Vista has the new UAC feature; both apply the same  
principle of least privilege.

Next week I will have more information available online for those  
interested in this topic. If you are concerned that these settings  
will make your everyday work tasks more difficult, it's best to verify  
first what using this feature would change in terms of accessibility.  
Discuss with your desktop support person or the Computing Help Desk  
how best to set up least privileges on your computer. This is also  
something you should only try yourself if you have an advanced level  
of computer technology knowledge.
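Before setting up least privileges, it helps to know two things: whether the session you are working in right now is elevated, and which everyday accounts on the machine sit in the local Administrators group. The script below is an added example for this newsletter, not IS&T's code: on Windows it asks shell32's IsUserAnAdmin() whether the current process is elevated (a standard user, or an administrator under UAC who has not confirmed a prompt, gets False), and elsewhere it checks for effective UID 0. It then parses `net localgroup Administrators` output to list group members and reports which everyday accounts hold admin rights. The group output and the account names are constructed samples.

```python
import ctypes
import os
import sys


def is_elevated():
    """True when this process already has administrative rights.

    Windows: shell32.IsUserAnAdmin() reflects the process token, so under
    UAC an administrator's normal session reports False until elevated.
    Other systems: effective UID 0 means root.
    """
    if sys.platform == "win32":
        try:
            return bool(ctypes.windll.shell32.IsUserAnAdmin())
        except (AttributeError, OSError):
            return False
    return os.geteuid() == 0


def parse_local_group_members(text):
    """Parse `net localgroup <group>` output into a list of member names.

    Member names sit between the dashed separator line and the closing
    'The command completed successfully.' line.
    """
    members = []
    in_members = False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("----"):
            in_members = True
            continue
        if in_members:
            if not stripped or stripped.startswith("The command completed"):
                break
            members.append(stripped)
    return members


def everyday_accounts_with_admin(admin_members, everyday_accounts):
    """Return the everyday-use accounts that are also local administrators.

    Windows account names are case-insensitive, so compare lower-cased.
    """
    admins = {m.lower() for m in admin_members}
    return [a for a in everyday_accounts if a.lower() in admins]


# Constructed `net localgroup Administrators` output: one everyday account
# (alice) has been left in the Administrators group.
SAMPLE_NET_LOCALGROUP = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
alice
The command completed successfully.
"""

# Constructed list of accounts people use for day-to-day work on this machine.
EVERYDAY_ACCOUNTS = ["alice", "bob"]


if __name__ == "__main__":
    print("current session elevated:", is_elevated())
    members = parse_local_group_members(SAMPLE_NET_LOCALGROUP)
    print("Administrators group members (sample):", members)
    for acct in everyday_accounts_with_admin(members, EVERYDAY_ACCOUNTS):
        print(f"{acct}: everyday account holds admin rights;"
              " consider a standard account plus Run As for admin tasks")
```

To audit a real machine rather than the sample, run `net localgroup Administrators` from a command prompt and feed its output to parse_local_group_members(); the membership check itself needs no special rights, which is the point: most of what you do day to day does not either.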


=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security

---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS!
Ignore emails asking you to provide yours. IS&T will *NEVER* ask you  
for your password.
