[IS&T Security-FYI] SFYI Newsletter, January 4, 2010
Monique Yeaton
myeaton at mit.edu
Mon Jan 4 14:26:03 EST 2010
Happy New Year!
In this issue:
1. Event: IAP Seminar on Protecting Personal Information
2. What is a Botnet, Exactly?
-------------------------------------------------------------------------
1. Event: IAP Seminar on Protecting Personal Information
-------------------------------------------------------------------------
As many of you may already be aware, Massachusetts has issued
regulations regarding the protection of personal information such as
social security numbers, credit card numbers, and bank account numbers.
In order to comply with those regulations, MIT will be implementing a
new information security program, effective March 1, 2010. This
program will include specific requirements for individuals that handle
the personal information of others, such as HR, finance and other
administrative functions.
An IAP session (repeated 3 times) is being offered to give members of
the community a chance to hear about this new program, as well as
recommendations for protecting sensitive data in general.
Tuesday, Jan 12, 10-11:00 am, 56-114
Wednesday, Jan 13, 12-1:00 pm, Student Center (room to be listed soon)
food is allowed - bring your lunch! light dessert will be provided.
Thursday, Jan 21, 3-4:00 pm, 56-114
For more information, see <http://student.mit.edu/searchiap/iap-8809.html
>
If you handle personal information or other sensitive information,
this is a good opportunity to learn about the upcoming information
security program, and ask questions about specific issues you may have.
If you are not able to attend one of the IAP sessions, or you would
prefer to have the information shared at a departmental staff meeting,
please feel free to contact either Allison Dolan at adolan at mit.edu or
Monique Yeaton at myeaton at mit.edu.
------------------------------------
2. What is a Botnet, Exactly?
------------------------------------
You may have heard the term "botnet" thrown around when referring to
viruses and malware such as the Storm worm, and not known exactly what
it is. I'll attempt to explain what exactly a botnet is, and why it's
relevant to safe computing.
Botnets have been around for about 10 years now and exist in order to
assist malware distributors to do their work without the chance of
being detected. Botnets are what it sounds like: a network of robots.
A robot is in essence a machine that is programmed to perform specific
tasks automatically. So a botnet is a group of thousands (perhaps
millions) of computers all under the control of one or several owners
and responding to remote commands.
A computer becomes part of a botnet when it has been compromised by a
virus (or worm), spread throughout the Internet or through spam. Once
your computer is part of the botnet, you may not even be aware of it
carrying out its programmed tasks.
The Conficker worm alone has about 10 million computers in its botnet.
At no additional cost to them, the hackers have gained a large network
of computers all working for them. With the use of botnets, they are
sending spam (billions each day), using phishing techniques, logging
keystrokes, hosting fraudulent sites, and creating denial of service
attacks. They have reasons to keep this work going, motivated by the
large amounts of money they receive from their scams and hacks and the
ease with which they get away with it.
Shutting botnets down is not easy, so they are likely to be around for
quite some time. It is predicted that in 2010 botnets will become even
more intelligent in order to extend their own survival.
To protect our computers from falling victim, we have to block the
viruses from reaching us by:
using email filtering to stop incoming infections imbedded in spam
using web filtering to stop malicious downloads from websites
enabling desktop firewalls, and
installing malware protection software and security patches.
User education: <http://ist.mit.edu/security/educational_tools>
User education is important as well. Spread the word to others, and if
needed, share some of these educational quizzes and games to get
everyone more aware of how to prepare for, prevent and protect against
viruses and other computer compromises.
The Storm worm botnet: <http://en.wikipedia.org/wiki/Storm_botnet>
Botnet definition: <http://en.wikipedia.org/wiki/Botnet>
=
=
=
========================================================================
Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB
>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20100104/dcf92cf6/attachment.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1846 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20100104/dcf92cf6/attachment.bin
More information about the ist-security-fyi
mailing list